Red Hat JBoss EAP: CVE-2021-23445: Cross-site Scripting
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Sep 27, 2021 | Sep 19, 2024 | Oct 28, 2025 |
Description
This affects the package datatables.net before 1.11.3. An improper neutralization of input vulnerability was found in datatables.net: if an array is passed to the HTML escape entities function, its contents are not escaped, possibly leading to cross-site scripting (XSS).
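The failure mode described above, shown as an added example: a simplified sketch that is not DataTables' or Red Hat's code. The function names, the comma-join handling of arrays, and the sample cell value are assumptions constructed for illustration.

```javascript
// Replace the HTML metacharacters in a string with entities.
function escapeString(s) {
  return s
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

// Flawed pattern: only strings are escaped, every other type is
// returned untouched, so an array passes through as-is.
function escapeStringsOnly(d) {
  return typeof d === 'string' ? escapeString(d) : d;
}

// Hardened pattern: flatten an array to the string it would become
// when written into markup, then escape that string.
function escapeEntities(d) {
  if (Array.isArray(d)) {
    d = d.join(',');
  }
  return typeof d === 'string' ? escapeString(d) : d;
}

// Hypothetical renderer: string concatenation coerces an array with
// join(','), so unescaped array elements land in the HTML verbatim.
function renderCell(escapeFn, value) {
  return '<td>' + escapeFn(value) + '</td>';
}

// Constructed sample: a cell whose data is an array, not a string.
const sampleCell = ['<img src=x>', 'a&b'];

console.log(renderCell(escapeStringsOnly, sampleCell)); // markup survives
console.log(renderCell(escapeEntities, sampleCell));    // markup neutralized
```

When auditing local copies or wrappers of an escaping helper, check what it returns for arrays and other non-string inputs, not only for strings.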
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-79
- CVE-2021-23445
- https://attackerkb.com/topics/CVE-2021-23445
- https://access.redhat.com/security/cve/CVE-2021-23445
- https://bugzilla.redhat.com/show_bug.cgi?id=2257732
- https://cdn.datatables.net/1.11.3/
- https://access.redhat.com/errata/RHSA-2024:3559
- https://access.redhat.com/errata/RHSA-2024:3560
- https://access.redhat.com/errata/RHSA-2024:3561
- https://access.redhat.com/errata/RHSA-2024:3563