CVE-2020-28458

HIGH

datatables.net < 1.10.23 - Prototype Pollution

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-28458. PoCs published by fazilbaig1, Raka200juta.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2020-28458, a Prototype Pollution vulnerability in DataTables versions 1.10.16. The exploit sends a crafted payload to pollute the prototype chain, and a scanner to detect DataTables usage.

Description

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.

Exploits (2)

nomisec WORKING POC 6 stars
by fazilbaig1 · poc
https://github.com/fazilbaig1/CVE-2020-28458

This repository contains a functional exploit for CVE-2020-28458, a Prototype Pollution vulnerability in DataTables versions 1.10.16. The exploit sends a crafted payload to pollute the prototype chain, and a scanner to detect DataTables usage.

Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: DataTables v1.10.16
No auth needed
Prerequisites: Target URL with vulnerable DataTables version
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC
by Raka200juta · poc
https://github.com/Raka200juta/28458

This repository contains a functional exploit for CVE-2020-28458, a prototype pollution vulnerability in DataTables versions 1.10.16-1.10.16. The exploit sends a crafted JSON payload to pollute the prototype chain, and includes a scanner to detect vulnerable DataTables instances.

Classification: Working PoC 90%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: DataTables v1.10.16-1.10.16
No auth needed
Prerequisites: Target URL with vulnerable DataTables instance
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 7.3
EPSS: 0.0123
EPSS Percentile: 79.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE: CWE-1321
Status: published
Products (2):
datatables/datatables.net < 1.10.23
npm/datatables.net 0 - 1.10.22
Published: Dec 16, 2020
Tracked Since: Feb 18, 2026