52 matches found
WordPress Advanced Custom Fields plugin cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress Advanced Custom Fields plugin before 5.8.12, which...
Advanced Custom Fields < 5.8.12 - Cross-Site Scripting in Select2 dropdowns
The plugin did not correctly escape input from Select2 dropdowns, which could lead to Cross-Site Scripting issues...
Select2 Cross-Site Scripting Vulnerability
Select2 is a jQuery-based select box control that supports searching, remote datasets and results paging. A cross-site scripting vulnerability exists in Select2 4.0.5 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
Cross-site Scripting (XSS)
Select2 as used in snipe/snipe-it is vulnerable to cross-site scripting (XSS). Its rich selectlists are not sanitized when loading remote Ajax data, allowing remote attackers to inject arbitrary JavaScript into a victim's browser through it...
CVE-2016-10744
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data...
Code injection
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data...
CVE-2016-10744
CVE-2016-10744 affects Select2 up to version 4.0.5 (as used by products like Snipe-IT). The vulnerability is a cross-site scripting (XSS) flaw in rich selectlists when Ajax remote data is loaded and HTML templates render listbox data. NVD lists CVSS v3.0 base score 6.1 (UI Required, Network vecto...
select2.nqu.edu.tw XSS vulnerability
Vulnerable URL: http://select2.nqu.edu.tw/kmkuas/system/sys00100.jsp?aa=0=1%22--%3E%3Csvg/onload=;prompt/OPENBUGBOUNTY/;%3Eagpro/ag222.jsp

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 07.12.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed

Alexa...
Select2 Field Widget - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-173
The Select2 Field Widget module enables you to use the select2 library for field widgets. The module doesn't sufficiently sanitize some user-supplied text, leading to a reflected Cross Site Scripting (XSS) vulnerability. CVE identifiers issued: A CVE identifier will be requested, and added upon issuance,...