5 matches found
GHSA-WJRH-HJ83-3WH7 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking
Impact Instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can secret access tokens across requests. This can allow users to access restricted querysets and restricted data. Patches The problem has been patched in version 8.4.1 and all following...
Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking
Impact Instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can secret access tokens across requests. This can allow users to access restricted querysets and restricted data. Patches The problem has been patched in version 8.4.1 and all following...
CVE-2025-48383 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking
Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...
@aiursoft/uistack (>=1.0.2 <=1.0.8), @atlassian/aui (>=10.0.0-M09 <=10.0.0-M14) +94 more potentially affected by CVE-2016-10744 via select2 (>=3.4.3 <=4.0.6-rc.1)
select2 NPM version =3.4.3, =1.0.2, =10.0.0-M09, =0.2.4, =0.0.6, =4.5.201903181201, =0.0.1, =1.4.1, =0.1.2, =0.8.4, =3.0.201812052011, =0.3.2, =0.1.0, =0.0.1, =0.1.1, =0.1.11 and more Source cves: CVE-2016-10744 Source advisory: OSV:GHSA-RF66-HMQF-Q3FC...
Select2 Cross-Site Scripting Vulnerability
Select2 is a jQuery based select box control that supports searching, remote datasets and results paging. A cross-site scripting vulnerability exists in Select2 4.0.5 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...