CVE-2016-10744

Опубликовано: 27 мар. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.

Ссылки

https://github.com/select2/select2/issues/4587
Third Party Advisory
https://github.com/snipe/snipe-it/pull/6831
Patch
Third Party Advisory
https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a
Patch
Third Party Advisory
https://github.com/select2/select2/issues/4587
Third Party Advisory
https://github.com/snipe/snipe-it/pull/6831
Patch
Third Party Advisory
https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:select2:select2:*:*:*:*:*:*:*:*

Версия до 4.0.5 (включая)

EPSS

Процентиль: 75%

0.00906

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2016-10744

CVSS3: 6.3

redhat

почти 7 лет назад

CVE-2016-10744

CVSS3: 6.1

debian

почти 7 лет назад

In Select2 through 4.0.5, as used in Snipe-IT and other products, rich ...

GHSA-rf66-hmqf-q3fc

CVSS3: 6.1

github

больше 3 лет назад

Improper Neutralization of Input During Web Page Generation in Select2

EPSS

Процентиль: 75%

0.00906

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79