5 matches found
CVE-2024-9440
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
CVE-2024-9440
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
CVE-2024-9440
Summary: CVE-2024-9440 affects Slim Select, version 2.0–2.9.0. The root cause is in the createOption() function where the user-provided text is assigned to innerHTML without sanitization, enabling cross-site scripting. Impact (as described): Dynamic list generation using unsanitized input may all...
CVE-2024-9440 Slim Select 2.0 createOption "text" XSS
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...
CVE-2024-9440 Slim Select 2.0 createOption "text" XSS
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate...