52 matches found
CVE-2025-48383
The CVE-2025-48383 issue affects Django-Select2: HeavySelect2Mixin subclasses (notably ModelSelect2MultipleWidget and ModelSelect2Widget) can leak secret access tokens across requests, enabling access to restricted query sets/data. The vulnerability is mitigated in version 8.4.1 and later. No exp...
CVE-2025-48383 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking
Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...
CVE-2025-48383
Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...
django-select2 security vulnerability
django-select2 is a Django integration for Select2 by individual developer Johannes Maron. A security vulnerability exists in django-select2 versions prior to 8.4.1 that stems from HeavySelect2Mixin subclasses that may disclose access tokens...
PT-2025-23006 · Unknown · Django-Select2
Name of the Vulnerable Software and Affected Versions: Django-Select2 versions prior to 8.4.1. Description: The issue affects instances of HeavySelect2Mixin subclasses, such as the ModelSelect2MultipleWidget and ModelSelect2Widget, allowing secret access tokens to leak across requests. This can...
CVE-2020-36172
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS...
Malicious Package
Overview: jquery.select2 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
Malicious code in jquery.select2 (npm)
Source: ghsa-malware d6dd7d61b3b3371967b1ec5a01455d7ec3bd6dc3372a8e399b6696c388394419. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: IBM Process Mining is vulnerable to cross-site scripting due to Select2 CVE-2016-10744
Summary: Select2 is used by IBM Process Mining. CVE-2016-10744. Vulnerability Details: CVEID: CVE-2016-10744. DESCRIPTION: Select2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the rich selectlists. A remote attacker could exploit this vulnerability to...
[R2] Nessus Version 10.4.0 Fixes Multiple Vulnerabilities
Arnie Cabral, Thu, 10/27/2022 - 10:48. Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components (select2.js, jQuery UI) were found to contain vulnerabilities, and updated versions have...
@aiursoft/uistack (>=1.0.2 <=1.0.8), @atlassian/aui (>=10.0.0-M09 <=10.0.0-M14) +94 more potentially affected by CVE-2016-10744 via select2 (>=3.4.3 <=4.0.6-rc.1)
select2 NPM version =3.4.3, =1.0.2, =10.0.0-M09, =0.2.4, =0.0.6, =4.5.201903181201, =0.0.1, =1.4.1, =0.1.2, =0.8.4, =3.0.201812052011, =0.3.2, =0.1.0, =0.0.1, =0.1.1, =0.1.11 and more Source cves: CVE-2016-10744 Source advisory: OSV:GHSA-RF66-HMQF-Q3FC...
GHSA-RF66-HMQF-Q3FC Improper Neutralization of Input During Web Page Generation in Select2
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data...
Improper Neutralization of Input During Web Page Generation in Select2
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data...
Cross site scripting
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS...