cvelistv5 - cve-2016-10744

CVE-2016-10744 (GCVE-0-2016-10744)

Vulnerability from cvelistv5

Published

2019-03-27 03:54

Modified

2024-08-06 03:30

Severity ?

CWE

Summary

In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.

References

URL

Tags

cve@mitre.org	https://github.com/select2/select2/issues/4587	Third Party Advisory
cve@mitre.org	https://github.com/snipe/snipe-it/pull/6831	Patch, Third Party Advisory
cve@mitre.org	https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/select2/select2/issues/4587	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/snipe/snipe-it/pull/6831	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:30:20.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/snipe/snipe-it/pull/6831"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/select2/select2/issues/4587"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-27T03:54:26",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/snipe/snipe-it/pull/6831"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/select2/select2/issues/4587"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10744",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/snipe/snipe-it/pull/6831",
              "refsource": "MISC",
              "url": "https://github.com/snipe/snipe-it/pull/6831"
            },
            {
              "name": "https://github.com/select2/select2/issues/4587",
              "refsource": "MISC",
              "url": "https://github.com/select2/select2/issues/4587"
            },
            {
              "name": "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a",
              "refsource": "MISC",
              "url": "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10744",
    "datePublished": "2019-03-27T03:54:26",
    "dateReserved": "2019-03-26T00:00:00",
    "dateUpdated": "2024-08-06T03:30:20.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-10744\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-03-27T04:29:00.867\",\"lastModified\":\"2024-11-21T02:44:38.953\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.\"},{\"lang\":\"es\",\"value\":\"En Select2, hasta la versi\u00f3n 4.0.5, tal y como se emplea en Snipe-IT y otros productos, las listas rich select permiten Cross-Site Scripting (XSS). Esto afecta a los casos de uso con la carga de datos remotos cuando se emplean plantillas HTML para mostrar datos de listbox.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:select2:select2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.0.5\",\"matchCriteriaId\":\"8B4E637D-303A-4F18-96C3-1E947C52D153\"}]}]}],\"references\":[{\"url\":\"https://github.com/select2/select2/issues/4587\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/snipe/snipe-it/pull/6831\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/select2/select2/issues/4587\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/snipe/snipe-it/pull/6831\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2025-AVI-0914

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Centreon. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Centreon	Web	Web versions 24.10.x antérieures à 24.10.13
Centreon	Web	Web versions 24.04.x antérieures à 24.04.18
Centreon	Web	Web versions 23.10.x antérieures à 23.10.28

References

Title

Publication Time

Tags

Bulletin de sécurité Centreon cve-2025-8430-centreon-web-all-versions-medium-severity-5118	2025-10-15	vendor-advisory
Bulletin de sécurité Centreon cve-2025-54893-centreon-web-all-versions-medium-severity-5120	2025-10-15	vendor-advisory
Bulletin de sécurité Centreon cve-2016-10744-centreon-web-all-versions-medium-severity-5106	2025-10-13	vendor-advisory
Bulletin de sécurité Centreon cve-2025-8429-centreon-web-all-versions-medium-severity-5119	2025-10-15	vendor-advisory
Bulletin de sécurité Centreon cve-2025-8459-centreon-web-all-versions-high-severity-5117	2025-10-15	vendor-advisory
Bulletin de sécurité Centreon cve-2025-8428-centreon-web-all-versions-medium-severity-5103	2025-10-13	vendor-advisory
Bulletin de sécurité Centreon cve-2025-5946-centreon-web-all-versions-high-severity-5104	2025-10-13	vendor-advisory
Bulletin de sécurité Centreon cve-2025-54889-centreon-web-all-versions-medium-severity-5123	2025-10-15	vendor-advisory
Bulletin de sécurité Centreon cve-2025-54891-centreon-web-all-versions-medium-severity-5122	2025-10-15	vendor-advisory
Bulletin de sécurité Centreon centreon-web-all-versions-medium-severity-5105	2025-10-13	vendor-advisory
Bulletin de sécurité Centreon cve-2025-54892-centreon-web-all-versions-medium-severity-5121	2025-10-15	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.13",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.18",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.28",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-54893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54893"
    },
    {
      "name": "CVE-2025-54892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54892"
    },
    {
      "name": "CVE-2025-5946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5946"
    },
    {
      "name": "CVE-2016-10744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10744"
    },
    {
      "name": "CVE-2025-54889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54889"
    },
    {
      "name": "CVE-2025-8430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8430"
    },
    {
      "name": "CVE-2025-8429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8429"
    },
    {
      "name": "CVE-2025-8459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8459"
    },
    {
      "name": "CVE-2025-8428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8428"
    },
    {
      "name": "CVE-2025-54891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54891"
    }
  ],
  "initial_release_date": "2025-10-23T00:00:00",
  "last_revision_date": "2025-10-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0914",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
  "vendor_advisories": [
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-8430-centreon-web-all-versions-medium-severity-5118",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8430-centreon-web-all-versions-medium-severity-5118"
    },
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54893-centreon-web-all-versions-medium-severity-5120",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54893-centreon-web-all-versions-medium-severity-5120"
    },
    {
      "published_at": "2025-10-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2016-10744-centreon-web-all-versions-medium-severity-5106",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2016-10744-centreon-web-all-versions-medium-severity-5106"
    },
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-8429-centreon-web-all-versions-medium-severity-5119",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8429-centreon-web-all-versions-medium-severity-5119"
    },
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-8459-centreon-web-all-versions-high-severity-5117",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8459-centreon-web-all-versions-high-severity-5117"
    },
    {
      "published_at": "2025-10-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-8428-centreon-web-all-versions-medium-severity-5103",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-8428-centreon-web-all-versions-medium-severity-5103"
    },
    {
      "published_at": "2025-10-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-5946-centreon-web-all-versions-high-severity-5104",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-5946-centreon-web-all-versions-high-severity-5104"
    },
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54889-centreon-web-all-versions-medium-severity-5123",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54889-centreon-web-all-versions-medium-severity-5123"
    },
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54891-centreon-web-all-versions-medium-severity-5122",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54891-centreon-web-all-versions-medium-severity-5122"
    },
    {
      "published_at": "2025-10-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-web-all-versions-medium-severity-5105",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-all-versions-medium-severity-5105"
    },
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-54892-centreon-web-all-versions-medium-severity-5121",
      "url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-54892-centreon-web-all-versions-medium-severity-5121"
    }
  ]
}

CERTFR-2022-AVI-993

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	Nessus	Nessus versions antérieures à 10.4.0

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2022-21 du 27 octobre 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus versions ant\u00e9rieures \u00e0 10.4.0",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-31160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
    },
    {
      "name": "CVE-2022-3498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3498"
    },
    {
      "name": "CVE-2021-41182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
    },
    {
      "name": "CVE-2016-10744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10744"
    },
    {
      "name": "CVE-2022-3499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3499"
    },
    {
      "name": "CVE-2021-41184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
    },
    {
      "name": "CVE-2021-41183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
    }
  ],
  "initial_release_date": "2022-11-04T00:00:00",
  "last_revision_date": "2022-11-04T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-993",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-21 du 27 octobre 2022",
      "url": "https://www.tenable.com/security/tns-2022-21"
    }
  ]
}

CERTFR-2022-AVI-962

Vulnerability from certfr_avis

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	Nessus	Nessus versions antérieures à 10.4.0

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2022-21 du 27 octobre 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus versions ant\u00e9rieures \u00e0 10.4.0",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-31160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
    },
    {
      "name": "CVE-2022-3498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3498"
    },
    {
      "name": "CVE-2021-41182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
    },
    {
      "name": "CVE-2016-10744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10744"
    },
    {
      "name": "CVE-2022-3499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3499"
    },
    {
      "name": "CVE-2021-41184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
    },
    {
      "name": "CVE-2021-41183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
    }
  ],
  "initial_release_date": "2022-10-28T00:00:00",
  "last_revision_date": "2022-10-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-962",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-21 du 27 octobre 2022",
      "url": "https://www.tenable.com/security/tns-2022-21"
    }
  ]
}

cnvd-2019-12131

Vulnerability from cnvd

Title

Select2跨站脚本漏洞

Description

Select2是一款基于jQuery的选择框控件，它支持搜索、远程数据集和结果分页等功能。 Select2 4.0.5及之前版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。

Severity

中

Patch Name

Select2跨站脚本漏洞的补丁

Patch Description

Select2是一款基于jQuery的选择框控件，它支持搜索、远程数据集和结果分页等功能。 Select2 4.0.5及之前版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a

Reference

https://nvd.nist.gov/vuln/detail/CVE-2016-10744

Impacted products

Name
Select2 Select2 <=4.0.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-10744",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10744"
    }
  },
  "description": "Select2\u662f\u4e00\u6b3e\u57fa\u4e8ejQuery\u7684\u9009\u62e9\u6846\u63a7\u4ef6\uff0c\u5b83\u652f\u6301\u641c\u7d22\u3001\u8fdc\u7a0b\u6570\u636e\u96c6\u548c\u7ed3\u679c\u5206\u9875\u7b49\u529f\u80fd\u3002\n\nSelect2 4.0.5\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002",
  "discovererName": "unKnow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-12131",
  "openTime": "2019-04-24",
  "patchDescription": "Select2\u662f\u4e00\u6b3e\u57fa\u4e8ejQuery\u7684\u9009\u62e9\u6846\u63a7\u4ef6\uff0c\u5b83\u652f\u6301\u641c\u7d22\u3001\u8fdc\u7a0b\u6570\u636e\u96c6\u548c\u7ed3\u679c\u5206\u9875\u7b49\u529f\u80fd\u3002\r\n\r\nSelect2 4.0.5\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Select2\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Select2 Select2 \u003c=4.0.5"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2016-10744",
  "serverity": "\u4e2d",
  "submitTime": "2019-03-29",
  "title": "Select2\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

fkie_cve-2016-10744

Vulnerability from fkie_nvd

Published

2019-03-27 04:29

Modified

2024-11-21 02:44

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cve@mitre.org	https://github.com/select2/select2/issues/4587	Third Party Advisory
cve@mitre.org	https://github.com/snipe/snipe-it/pull/6831	Patch, Third Party Advisory
cve@mitre.org	https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/select2/select2/issues/4587	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/snipe/snipe-it/pull/6831	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	select2	select2	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:select2:select2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B4E637D-303A-4F18-96C3-1E947C52D153",
              "versionEndIncluding": "4.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data."
    },
    {
      "lang": "es",
      "value": "En Select2, hasta la versi\u00f3n 4.0.5, tal y como se emplea en Snipe-IT y otros productos, las listas rich select permiten Cross-Site Scripting (XSS). Esto afecta a los casos de uso con la carga de datos remotos cuando se emplean plantillas HTML para mostrar datos de listbox."
    }
  ],
  "id": "CVE-2016-10744",
  "lastModified": "2024-11-21T02:44:38.953",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-27T04:29:00.867",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/select2/select2/issues/4587"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/snipe/snipe-it/pull/6831"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/select2/select2/issues/4587"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/snipe/snipe-it/pull/6831"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2016-10744

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-10744

Aliases

CVE-2016-10744

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-10744",
    "description": "In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.",
    "id": "GSD-2016-10744"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-10744"
      ],
      "details": "In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.",
      "id": "GSD-2016-10744",
      "modified": "2023-12-13T01:21:26.702828Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-10744",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/snipe/snipe-it/pull/6831",
            "refsource": "MISC",
            "url": "https://github.com/snipe/snipe-it/pull/6831"
          },
          {
            "name": "https://github.com/select2/select2/issues/4587",
            "refsource": "MISC",
            "url": "https://github.com/select2/select2/issues/4587"
          },
          {
            "name": "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a",
            "refsource": "MISC",
            "url": "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c0",
          "affected_versions": "None",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2022-08-17",
          "description": "In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.",
          "fixed_versions": [],
          "identifier": "CVE-2016-10744",
          "identifiers": [
            "GHSA-rf66-hmqf-q3fc",
            "CVE-2016-10744"
          ],
          "not_impacted": "",
          "package_slug": "npm/select2",
          "pubdate": "2022-05-14",
          "solution": "",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-10744",
            "https://github.com/select2/select2/issues/4587",
            "https://github.com/snipe/snipe-it/pull/6831",
            "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a",
            "https://github.com/advisories/GHSA-rf66-hmqf-q3fc"
          ],
          "uuid": "58808c26-80de-4f00-84ec-1c22a2aad0cb"
        },
        {
          "affected_range": "(,4.0.5]",
          "affected_versions": "All versions up to 4.0.5",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2019-03-27",
          "description": "In Select2, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.",
          "fixed_versions": [],
          "identifier": "CVE-2016-10744",
          "identifiers": [
            "CVE-2016-10744"
          ],
          "not_impacted": "",
          "package_slug": "nuget/JSoftCR_Select2",
          "pubdate": "2019-03-27",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-10744",
            "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a",
            "https://github.com/snipe/snipe-it/pull/6831",
            "https://github.com/select2/select2/issues/4587"
          ],
          "uuid": "d3d281df-3c58-4d10-a6a7-9db197763b4b"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:select2:select2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10744"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a"
            },
            {
              "name": "https://github.com/snipe/snipe-it/pull/6831",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/snipe/snipe-it/pull/6831"
            },
            {
              "name": "https://github.com/select2/select2/issues/4587",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/select2/select2/issues/4587"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-03-27T16:09Z",
      "publishedDate": "2019-03-27T04:29Z"
    }
  }
}

ghsa-rf66-hmqf-q3fc

Vulnerability from github

Published

2022-05-14 01:14

Modified

2022-07-06 20:04

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Improper Neutralization of Input During Web Page Generation in Select2

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "select2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-10744"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-06T20:04:29Z",
    "nvd_published_at": "2019-03-27T04:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.",
  "id": "GHSA-rf66-hmqf-q3fc",
  "modified": "2022-07-06T20:04:29Z",
  "published": "2022-05-14T01:14:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10744"
    },
    {
      "type": "WEB",
      "url": "https://github.com/select2/select2/issues/4587"
    },
    {
      "type": "WEB",
      "url": "https://github.com/snipe/snipe-it/pull/6831"
    },
    {
      "type": "WEB",
      "url": "https://github.com/snipe/snipe-it/pull/6831/commits/5848d9a10c7d62c73ff6a3858edfae96a429402a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/select2/select2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Neutralization of Input During Web Page Generation in Select2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-10744 (GCVE-0-2016-10744)

Vulnerability from cvelistv5

CERTFR-2025-AVI-0914

Vulnerability from certfr_avis

Solutions

CERTFR-2022-AVI-993

Vulnerability from certfr_avis

Solution

CERTFR-2022-AVI-962

Vulnerability from certfr_avis

Solution

cnvd-2019-12131

Vulnerability from cnvd

fkie_cve-2016-10744

Vulnerability from fkie_nvd

gsd-2016-10744

Vulnerability from gsd

ghsa-rf66-hmqf-q3fc

Vulnerability from github

Tags

Sightings

Nomenclature