Lucene search

Redhat.comRH:CVE-2021-23445

HistoryJan 10, 2024 - 4:32 p.m.

CVE-2021-23445

2024-01-1016:32:17

redhat.com

access.redhat.com

cve-2021-23445

improper neutralization

html escape entities

cross site scripting

xss

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.1%

JSON

An improper neutralization of input vulnerability was found in datatables.net. If an array is passed to the HTML escape entities function, it does not have its contents escaped, possibly leading to cross site scripting (XSS).

References

bugzilla.redhat.com/show_bug.cgi?id=2257732

cdn.datatables.net/1.11.3/

nvd.nist.gov/vuln/detail/CVE-2021-23445

www.cve.org/CVERecord?id=CVE-2021-23445

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.1%

JSON

Related for RH:CVE-2021-23445