{"id":"CVE-2021-36713","details":"Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012.","modified":"2026-03-14T11:02:32.771426Z","published":"2023-03-06T22:15:09.683Z","references":[{"type":"WEB","url":"https://cdn.datatables.net/1.9.2/js/jquery.dataTables.js"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230406-0003/"},{"type":"EVIDENCE","url":"https://gist.github.com/walhajri/711af9b62f6fb25e66a5d9a490deab98"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/datatables/datatables","events":[{"introduced":"0"},{"last_affected":"1bd6b29fe448403e30f8927ed1dedb0d7703b230"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.9.2"}]}}],"versions":["1.9.0","1.9.1","1.9.2","BETA_1_8_0_1","BETA_1_8_0_4","RELEASE_1_7_0","RELEASE_1_7_1","RELEASE_1_7_2","RELEASE_1_7_3","RELEASE_1_7_4","RELEASE_1_7_5","RELEASE_1_7_6","RELEASE_1_8_0","RELEASE_1_8_0_2","RELEASE_1_8_0_3","RELEASE_1_8_0_4","RELEASE_1_8_1","RELEASE_1_8_2","RELEASE_1_9_0","RELEASE_1_9_0_BETA_3","RELEASE_1_9_0_beta_1","RELEASE_1_9_0_beta_2","RELEASE_1_9_1","RELEASE_1_9_2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36713.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}