Red Hat JBoss EAP: CVE-2021-23445: Cross-site Scripting
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Sep 27, 2021 | Sep 19, 2024 | Mar 25, 2026 |
Description
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function, its contents are not escaped. An improper neutralization of input vulnerability was found in datatables.net: if an array is passed to the HTML escape entities function, it does not have its contents escaped, possibly leading to cross-site scripting (XSS).
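The flaw class described above, as an added example that is not DataTables or Red Hat code: an escape helper that only handles strings lets an array through untouched, and string concatenation then joins its raw elements into markup. The function names, the `renderCell` helper and the sample data are assumptions constructed for illustration.

```javascript
// Constructed model of the flaw class described above; not DataTables source.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeString(s) {
  return s.replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Flawed shape: only strings are escaped, every other type passes through.
function escapeEntitiesFlawed(d) {
  return typeof d === 'string' ? escapeString(d) : d;
}

// Hardened shape: arrays are escaped element by element (recursively),
// and other non-null values are stringified before escaping.
function escapeEntitiesHardened(d) {
  if (Array.isArray(d)) {
    return d.map((item) => escapeEntitiesHardened(item)).join(',');
  }
  if (d === null || d === undefined) {
    return '';
  }
  return escapeString(String(d));
}

// Hypothetical renderer: builds a table cell by string concatenation,
// which is where an unescaped array is implicitly joined into markup.
function renderCell(value, escapeFn) {
  return '<td>' + escapeFn(value) + '</td>';
}

// Constructed sample cell data: a string and an array, both carrying markup.
const sampleString = '<i>tag</i>';
const sampleArray = ['admin', '<i>tag</i>'];

function demo() {
  return {
    flawedString: renderCell(sampleString, escapeEntitiesFlawed),
    flawedArray: renderCell(sampleArray, escapeEntitiesFlawed),
    hardenedArray: renderCell(sampleArray, escapeEntitiesHardened),
  };
}

console.log(demo());
```

The string input is escaped by both helpers; only the array input distinguishes them, which is why tests that cover only string cell values miss this case.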
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-79
- CVE-2021-23445
- https://attackerkb.com/topics/CVE-2021-23445
- https://access.redhat.com/security/cve/CVE-2021-23445
- https://bugzilla.redhat.com/show_bug.cgi?id=2257732
- https://cdn.datatables.net/1.11.3/
- https://access.redhat.com/errata/RHSA-2024:3559
- https://access.redhat.com/errata/RHSA-2024:3560
- https://access.redhat.com/errata/RHSA-2024:3561
- https://access.redhat.com/errata/RHSA-2024:3563
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-2066