Description
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
Remediation
References
Related Vulnerabilities
WordPress Plugin St-Daily-Tip Cross-Site Request Forgery (4.7)
MySQL CVE-2018-3070 Vulnerability (CVE-2018-3070)
LimeSurvey Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3752)
phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2016-5734)