Vulnerability Details CVE-2016-10744
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://github.com/select2/select2/issues/4587
- https://github.com/snipe/snipe-it/pull/6831
- https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a
- https://github.com/select2/select2/issues/4587
- https://github.com/snipe/snipe-it/pull/6831
- https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a
Products affected by CVE-2016-10744
-
cpe:2.3:a:select2:select2:1.0.0
-
cpe:2.3:a:select2:select2:2.1.0
-
cpe:2.3:a:select2:select2:3.0.0
-
cpe:2.3:a:select2:select2:3.1.0
-
cpe:2.3:a:select2:select2:3.2.0
-
cpe:2.3:a:select2:select2:3.3.0
-
cpe:2.3:a:select2:select2:3.3.1
-
cpe:2.3:a:select2:select2:3.3.2
-
cpe:2.3:a:select2:select2:3.4.0
-
cpe:2.3:a:select2:select2:3.4.1
-
cpe:2.3:a:select2:select2:3.4.2
-
cpe:2.3:a:select2:select2:3.4.3
-
cpe:2.3:a:select2:select2:3.4.4
-
cpe:2.3:a:select2:select2:3.4.5
-
cpe:2.3:a:select2:select2:3.4.6
-
cpe:2.3:a:select2:select2:3.4.7
-
cpe:2.3:a:select2:select2:3.4.8
-
cpe:2.3:a:select2:select2:3.5.0
-
cpe:2.3:a:select2:select2:3.5.1
-
cpe:2.3:a:select2:select2:3.5.2
-
cpe:2.3:a:select2:select2:3.5.3
-
cpe:2.3:a:select2:select2:3.5.4
-
cpe:2.3:a:select2:select2:4.0.0
-
cpe:2.3:a:select2:select2:4.0.1
-
cpe:2.3:a:select2:select2:4.0.2
-
cpe:2.3:a:select2:select2:4.0.3
-
cpe:2.3:a:select2:select2:4.0.4
-
cpe:2.3:a:select2:select2:4.0.5