Lucene search
+L

5 matches found

nvd
nvd
added 2024/10/02 7:15 p.m.14 views

CVE-2024-9440

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...

6.1CVSS0.0035EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2024/10/02 6:40 p.m.12 views

CVE-2024-9440 Slim Select 2.0 createOption "text" XSS

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...

5.4CVSS6.2AI score0.0035EPSS
Exploits1References3
cve
cve
added 2024/10/02 6:40 p.m.53 views

CVE-2024-9440

Summary: CVE-2024-9440 affects Slim Select, version 2.0–2.9.0. The root cause is in the createOption() function where the user-provided text is assigned to innerHTML without sanitization, enabling cross-site scripting. Impact (as described): Dynamic list generation using unsanitized input may all...

6.1CVSS5.3AI score0.0035EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2024/10/02 6:40 p.m.22 views

CVE-2024-9440 Slim Select 2.0 createOption "text" XSS

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...

5.4CVSS0.0035EPSS
Exploits1References3
osv
osv
added 2024/10/02 6:40 p.m.12 views

CVE-2024-9440 Slim Select 2.0 createOption "text" XSS

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...

5.4CVSS5.7AI score0.0035EPSS
Exploits1References7
Rows per page
Query Builder