727 matches found
Code injection
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data...
CVE-2016-10744
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data...
CVE-2016-10744
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data...
CVE-2016-10744
CVE-2016-10744 affects Select2 up to version 4.0.5 (as used by products like Snipe-IT). The vulnerability is a cross-site scripting (XSS) flaw in rich selectlists when Ajax remote data is loaded and HTML templates render listbox data. NVD lists CVSS v3.0 base score 6.1 (UI Required, Network vecto...
CVE-2019-10118
CVE-2019-10118 relates to Snipe-IT, where versions before 4.6.14 are vulnerable to cross-site scripting (XSS) via log_meta values and the user’s last name in the API. The issue is a client-side input handling flaw that permits injection of arbitrary JavaScript/HTML when data is displayed in a use...
CVE-2019-10118
Snipe-IT before 4.6.14 has XSS, as demonstrated by logmeta values and the user's last name in the API...
Snipe-IT Cross-Site Scripting Vulnerability
Snipe-IT is an open source IT asset/license management system. A cross-site scripting vulnerability exists in Snipe-IT versions prior to 4.6.14. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...