Lucene search
K

5 matches found

NVD
NVD
added 2024/10/02 7:15 p.m.14 views

CVE-2024-9440

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...

6.1CVSS0.00341EPSS
Exploits1References3
OSV
OSV
added 2024/10/02 7:15 p.m.12 views

CVE-2024-9440

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...

6.1CVSS5.3AI score
Exploits0References3
CVE
CVE
added 2024/10/02 6:40 p.m.53 views

CVE-2024-9440

Summary: CVE-2024-9440 affects Slim Select, version 2.0–2.9.0. The root cause is in the createOption() function where the user-provided text is assigned to innerHTML without sanitization, enabling cross-site scripting. Impact (as described): Dynamic list generation using unsanitized input may all...

6.1CVSS5.3AI score0.00341EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/02 6:40 p.m.12 views

CVE-2024-9440 Slim Select 2.0 createOption "text" XSS

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...

5.4CVSS6.2AI score0.00341EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/10/02 6:40 p.m.20 views

CVE-2024-9440 Slim Select 2.0 createOption "text" XSS

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...

5.4CVSS0.00341EPSS
Exploits1References3
Rows per page
Query Builder