CVE-2016-10744
Published
CVSS v3
N/A
CVSS v2
4.3
MEDIUM
Affected
2
PROJECTS
Description
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.
Select2 is a jQuery based replacement for select boxes. It supports searching, remote data sets, and infinite scrolling of results.
GitHub