2 matches found
CVE-2020-28458
CVE-2020-28458 affects datatables.net across all versions due to an incomplete fix enabling Prototype Pollution. Public references indicate a direct exploit surface (prototype pollution) via the datatables.net package, with exploit scripts available targeting vulnerable versions (e.g., datatables...
CVE-2021-23445
CVE-2021-23445 affects datatables.net prior to 1.11.3, where passing an array to the HTML escape entities function could leave contents unescaped, enabling potential XSS. Public references confirm the flaw exists in the package and that upgrading to 1.11.3 fixes the issue (e.g., DataTables releas...