CVE-2021-36713
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
06/03/2023
Last modified:
07/03/2025
Description
Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sprymedia:datatables:1.9.2:*:*:*:*:jquery:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://cdn.datatables.net/1.9.2/js/jquery.dataTables.js
- https://gist.github.com/walhajri/711af9b62f6fb25e66a5d9a490deab98
- https://security.netapp.com/advisory/ntap-20230406-0003/
- https://cdn.datatables.net/1.9.2/js/jquery.dataTables.js
- https://gist.github.com/walhajri/711af9b62f6fb25e66a5d9a490deab98
- https://security.netapp.com/advisory/ntap-20230406-0003/