Lucene search
+L

727 matches found

Prion
Prion
added 2019/03/27 4:29 a.m.24 views

Code injection

In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data...

4.3CVSS6.9AI score0.02183EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2019/03/27 4:29 a.m.19 views

CVE-2016-10744

In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data...

6.1CVSS6.1AI score0.02183EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/03/27 3:54 a.m.53 views

CVE-2016-10744

In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data...

6.1AI score0.02183EPSS
Exploits0References3
CVE
CVE
added 2019/03/27 3:54 a.m.232 views

CVE-2016-10744

CVE-2016-10744 affects Select2 up to version 4.0.5 (as used by products like Snipe-IT). The vulnerability is a cross-site scripting (XSS) flaw in rich selectlists when Ajax remote data is loaded and HTML templates render listbox data. NVD lists CVSS v3.0 base score 6.1 (UI Required, Network vecto...

6.1CVSS6AI score0.02183EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/03/27 3:54 a.m.50 views

CVE-2019-10118

CVE-2019-10118 relates to Snipe-IT, where versions before 4.6.14 are vulnerable to cross-site scripting (XSS) via log_meta values and the user’s last name in the API. The issue is a client-side input handling flaw that permits injection of arbitrary JavaScript/HTML when data is displayed in a use...

6.1CVSS6.2AI score0.00847EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/03/27 3:54 a.m.16 views

CVE-2019-10118

Snipe-IT before 4.6.14 has XSS, as demonstrated by logmeta values and the user's last name in the API...

6.2AI score0.00847EPSS
Exploits0References1
CNVD
CNVD
added 2019/03/27 12:0 a.m.7 views

Snipe-IT Cross-Site Scripting Vulnerability

Snipe-IT is an open source IT asset/license management system. A cross-site scripting vulnerability exists in Snipe-IT versions prior to 4.6.14. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.2AI score0.00847EPSS
Exploits0References1
Rows per page
Query Builder