npm

Severity: high

Cross-Site Scripting

datatables

Overview

Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.

Remediation

Update to a version greater than 1.10.8.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. reported

    Initial report by Onur Yilmaz
    Oct 17th, 2015
  2. published

    Advisory published
    Sep 18th, 2015