PT-2019-7542 · Select2 · Select2

Uberbrady

Published

2019-03-27

Updated

2022-05-14

CVE-2016-10744

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Select2 versions through 4.0.5

Description The issue allows for XSS in certain use cases, specifically when using Ajax remote data loading and HTML templates to display listbox data. This affects rich selectlists.

Recommendations For versions through 4.0.5, consider disabling the use of HTML templates for displaying listbox data until a patch is available. Restrict access to features that utilize Ajax remote data loading to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2016-10744

GHSA-RF66-HMQF-Q3FC

Affected Products

Select2

PT-2019-7542 · Select2 · Select2

CVE-2016-10744

Weakness Enumeration

Related Identifiers

Affected Products

References · 7