AIKIDO-2025-10716
jquery.datatables is vulnerable to Cross-site Scripting (XSS)
61
Medium Risk
This Affects:
jquery.datatablesTL;DR
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). If an array is passed to the HTML escape entities function it would not have its contents escaped. jquery.datatables is unmaintained and no longer receiving security updates, so it it is recommended to migrate to the datatables.net library version 1.11.3 or later.
Who does this affect?
You are affected if you are using the jquery.datatables package.
Background info
jquery.datatables is vulnerable to Cross-site Scripting (XSS) in versions 0.0.1 - 1.10.15.
How to fix this
Migrate to the datatables.net library version 1.11.3 or later.
Links
CVE Detail
Other
cdn.datatables.net/1.11.3/lists.debian.org/debian-lts-announce/2023/08/msg00018.htmlsecurity.netapp.com/advisory/ntap-20240621-0006/snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
SOC 2Compliant
ISO 27001Compliant