12 matches found
EUVD-2024-3121
Malicious code in bioql PyPI...
CVE-2024-9440
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
@briza/air (>=0.1.21 <=0.1.22), @doorons/do-ui (>=1.1.3 <=1.3.6) +7 more potentially affected by CVE-2024-9440 via slim-select (=2.13.1)
slim-select NPM version =2.13.1 is affected by a known vulnerability. The following packages have a transitive dependency on slim-select and may be impacted: - @briza/air =0.1.21, =1.1.3, =0.7.0-beta.2, =0.4.0-beta.8, =4.2.6-alpha.16, =1.0.2, =2.0.0-beta.0, =1.0.9, =2.2.2 Source cves: CVE-2024-94...
Slim Select has potential Cross-site Scripting issue
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
GHSA-QVQV-MCXR-X8QW Slim Select has potential Cross-site Scripting issue
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
CVE-2024-9440
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
CVE-2024-9440 Slim Select 2.0 createOption "text" XSS
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
CVE-2024-9440
Summary: CVE-2024-9440 affects Slim Select, version 2.0–2.9.0. The root cause is in the createOption() function where the user-provided text is assigned to innerHTML without sanitization, enabling cross-site scripting. Impact (as described): Dynamic list generation using unsanitized input may all...
CVE-2024-9440 Slim Select 2.0 createOption "text" XSS
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
CVE-2024-9440 Slim Select 2.0 createOption "text" XSS
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
Slim Select 安全漏洞
Slim Select is an advanced select dropdown menu by Brian Voelker Personal Developer. A security vulnerability exists in Slim Select versions 2.0 through 2.9.0, which stems from a dynamically generated list that is not cleaned of user-supplied input, and is susceptible to a cross-site scripting...
PT-2024-39633 · Unknown · Slim Select
Name of the Vulnerable Software and Affected Versions: Slim Select versions 2.0 through 2.9.0 Description: The issue is a potential cross-site scripting vulnerability. In the createOption function, the text variable from the user-provided Options object is assigned to an innerHTML without...