Описание
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| snipe-it | itp | package |
Связанные уязвимости
CVSS3: 6.3
redhat
почти 7 лет назад
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.
CVSS3: 6.1
nvd
почти 7 лет назад
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.
CVSS3: 6.1
github
больше 3 лет назад
Improper Neutralization of Input During Web Page Generation in Select2