3 matches found
Security Bulletin: IBM Process Mining is vulnerable to cross-site scripting due to Select2 CVE-2016-10744
Summary: Select2 is used by IBM Process Mining. CVE-2016-10744. Vulnerability Details: CVEID: CVE-2016-10744. DESCRIPTION: Select2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the rich selectlists. A remote attacker could exploit this vulnerability to...
CVE-2016-10744
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data...
CVE-2016-10744
CVE-2016-10744 affects Select2 up to version 4.0.5 (as used by products like Snipe-IT). The vulnerability is a cross-site scripting (XSS) flaw in rich selectlists when Ajax remote data is loaded and HTML templates render listbox data. NVD lists CVSS v3.0 base score 6.1 (UI Required, Network vecto...