CVE-2021-23445
Description
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.327
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Nessus Agent (10.5.0) | Windows |
| Multiple vulnerabilities are fixed in Nessus Agent (x64) (10.5.0) | Windows |
| Multiple vulnerabilities are fixed in Tenable Nessus 10.5.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1.7 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.1 | Windows |
| Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2021-23445) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-346981 | Nessus Agent (10.8.4) (Manual Upload Required) |
| PATCH-346982 | Nessus Agent (x64) (10.8.4) (Manual Upload Required) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234