
Uberbrady

#21326 of 53,630
11.5 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2021-22575 · CVSS 5.4 · 2021-11-13
Snipe-It · Snipe-It · CVE-2021-3938

**Name of the Vulnerable Software and Affected Versions** snipe-it (affected versions not specified)

**Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This means that the software fails to properly neutralize user input, allowing an attacker to inject malicious code into web pages. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2019-7542 · CVSS 6.1 · 2019-03-27
Select2 · Select2 · CVE-2016-10744

**Name of the Vulnerable Software and Affected Versions** Select2 versions through 4.0.5

**Description** The issue allows for XSS in certain use cases, specifically when using Ajax remote data loading and HTML templates to display listbox data. This affects rich selectlists.

**Recommendations** For versions through 4.0.5, consider disabling the use of HTML templates for displaying listbox data until a patch is available. Restrict access to features that utilize Ajax remote data loading to minimize the risk of exploitation.