12 matches found
EUVD-2024-3121
Malicious code in bioql PyPI...
CVE-2024-9440
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
GHSA-QVQV-MCXR-X8QW Slim Select has potential Cross-site Scripting issue
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
Slim Select has potential Cross-site Scripting issue
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
@briza/air (>=0.1.21 <=0.1.22), @doorons/do-ui (>=1.1.3 <=1.3.6) +7 more potentially affected by CVE-2024-9440 via slim-select (=2.13.1)
slim-select NPM version =2.13.1 is affected by a known vulnerability. The following packages have a transitive dependency on slim-select and may be impacted: - @briza/air =0.1.21, =1.1.3, =0.7.0-beta.2, =0.4.0-beta.8, =4.2.6-alpha.16, =1.0.2, =2.0.0-beta.0, =1.0.9, =2.2.2 Source cves: CVE-2024-94...
CVE-2024-9440
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
CVE-2024-9440
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
CVE-2024-9440 Slim Select 2.0 createOption "text" XSS
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
CVE-2024-9440
Summary: CVE-2024-9440 affects Slim Select, version 2.0–2.9.0. The root cause is in the createOption() function where the user-provided text is assigned to innerHTML without sanitization, enabling cross-site scripting. Impact (as described): Dynamic list generation using unsanitized input may all...
CVE-2024-9440 Slim Select 2.0 createOption "text" XSS
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
PT-2024-39633 · Unknown · Slim Select
Name of the Vulnerable Software and Affected Versions: Slim Select versions 2.0 through 2.9.0 Description: The issue is a potential cross-site scripting vulnerability. In the createOption function, the text variable from the user-provided Options object is assigned to an innerHTML without...
Slim Select security vulnerability
Slim Select is an advanced select dropdown menu by individual developer Brian Voelker. A security vulnerability exists in Slim Select versions 2.0 through 2.9.0. It stems from dynamically generated lists in which user-supplied input is not sanitized, leaving them susceptible to a cross-site scripting...