CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P
AI Score
Confidence
Low
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
cdn.datatables.net/1.11.3/
github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
lists.debian.org/debian-lts-announce/2023/08/msg00018.html
security.netapp.com/advisory/ntap-20240621-0006/
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376
snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P
AI Score
Confidence
Low
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial