Description
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.
Remediation
References
Related Vulnerabilities
WordPress Plugin Countdown and CountUp, WooCommerce Sales Timer Cross-Site Request Forgery (1.5.7)
WordPress Plugin Clockwork SMS Notfications Cross-Site Scripting (2.0.3)
Oracle JRE CVE-2013-1481 Vulnerability (CVE-2013-1481)
ZenCart Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-4322)
Apache HTTP Server CVE-2010-0425 Vulnerability (CVE-2010-0425)