Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
This affects the package datatables.net If an array is passed to the HTML escape entities function it would not have its contents escaped.
Advisories for Npm/Datatables.net package
2021
2020
Improper Input Validation
datatables.net is vulnerable to Prototype Pollution due to an incomplete fix