Description

In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.

Remediation

References

CVE-2016-10744

Related Vulnerabilities

WordPress Plugin WP Support Plus Responsive Ticket System Multiple Vulnerabilities (4.1)

WordPress Plugin WPS Hide Login Security Bypass (1.9)

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3240)

Jboss EAP CVE-2012-5626 Vulnerability (CVE-2012-5626)

WordPress Plugin Theme Editor Arbitrary File Download (2.5)

Severity

Medium

Classification

CVE-2016-10744 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities