CVE-2021-36713

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/datatables/datatables

Identifiers

CVE-2021-36713

Package Slug

packagist/datatables/datatables

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012.

Affected Versions

Version 1.9.2

Solution

Upgrade to version 1.10.0 or above.

Last Modified

2023-03-14

source