XSS Vulnerability in Select2 through 4.0.5 with Ajax Remote Data Loading and HTML Templates

XSS Vulnerability in Select2 through 4.0.5 with Ajax Remote Data Loading and HTML Templates

CVE-2016-10744 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.

Learn more about our Web Application Penetration Testing UK.