CVE-2015-6584

NameCVE-2015-6584
DescriptionCross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
datatables.js (PTS)bullseye1.10.21+dfsg-2+deb11u1fixed
sid, trixie, bookworm1.11.5+dfsg-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
datatables.jssource(unstable)1.10.9+dfsg-1

Notes

http://www.securityfocus.com/archive/1/archive/1/536437/100/0/threaded
https://www.netsparker.com/cve-2015-6384-xss-vulnerability-identified-in-datatables/
https://github.com/DataTables/DataTables/issues/602
https://github.com/DataTables/DataTablesSrc/commit/ccf86dc5982bd8e16d
https://nodesecurity.io/advisories/5
Search for package or bug name: Reporting problems