Lucene search

Ubuntu.comUB:CVE-2021-36713

HistoryMar 06, 2023 - 12:00 a.m.

CVE-2021-36713

2023-03-0600:00:00

ubuntu.com

cve-2021-36713

cross site scripting

datatables

jquery

arbitrary code

sbasename

_fncreatecookie

version 2012

unix

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

37.8%

JSON

Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2
for jQuery allows attackers to run arbitrary code via the sBaseName
parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchdatatables.js< anyUNKNOWN
ubuntu20.04noarchdatatables.js< anyUNKNOWN
ubuntu22.04noarchdatatables.js< anyUNKNOWN
ubuntu24.04noarchdatatables.js< anyUNKNOWN
ubuntu16.04noarchdatatables.js< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	datatables.js	< any	UNKNOWN
ubuntu	20.04	noarch	datatables.js	< any	UNKNOWN
ubuntu	22.04	noarch	datatables.js	< any	UNKNOWN
ubuntu	24.04	noarch	datatables.js	< any	UNKNOWN
ubuntu	16.04	noarch	datatables.js	< any	UNKNOWN

References

cdn.datatables.net/1.9.2/js/jquery.dataTables.js

gist.github.com/walhajri/711af9b62f6fb25e66a5d9a490deab98

launchpad.net/bugs/cve/CVE-2021-36713

nvd.nist.gov/vuln/detail/CVE-2021-36713

security-tracker.debian.org/tracker/CVE-2021-36713

www.cve.org/CVERecord?id=CVE-2021-36713

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

37.8%

JSON

Related for UB:CVE-2021-36713