Lucene search
K

5 matches found

OSV
OSV
added 2025/05/27 6:3 p.m.6 views

GHSA-WJRH-HJ83-3WH7 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking

Impact Instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can secret access tokens across requests. This can allow users to access restricted querysets and restricted data. Patches The problem has been patched in version 8.4.1 and all following...

8.2CVSS6.9AI score0.00262EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/05/27 6:3 p.m.19 views

Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking

Impact Instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can secret access tokens across requests. This can allow users to access restricted querysets and restricted data. Patches The problem has been patched in version 8.4.1 and all following...

8.2CVSS6.7AI score0.00262EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/05/27 3:3 p.m.24 views

CVE-2025-48383 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking

Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...

8.2CVSS0.00262EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/05/14 1:14 a.m.5 views

@aiursoft/uistack (>=1.0.2 <=1.0.8), @atlassian/aui (>=10.0.0-M09 <=10.0.0-M14) +94 more potentially affected by CVE-2016-10744 via select2 (>=3.4.3 <=4.0.6-rc.1)

select2 NPM version =3.4.3, =1.0.2, =10.0.0-M09, =0.2.4, =0.0.6, =4.5.201903181201, =0.0.1, =1.4.1, =0.1.2, =0.8.4, =3.0.201812052011, =0.3.2, =0.1.0, =0.0.1, =0.1.1, =0.1.11 and more Source cves: CVE-2016-10744 Source advisory: OSV:GHSA-RF66-HMQF-Q3FC...

6.1CVSS6.4AI score0.02183EPSS
Exploits0
CNVD
CNVD
added 2019/03/29 12:0 a.m.2 views

Select2 Cross-Site Scripting Vulnerability

Select2 is a jQuery based select box control that supports searching, remote datasets and results paging. A cross-site scripting vulnerability exists in Select2 4.0.5 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.1AI score0.02183EPSS
Exploits0References1
Rows per page
Query Builder