CVE-2024-9440

CVSS V2 None CVSS V3 None
Description
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption(), the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate lists using unsanitized user-provided input may be vulnerable to cross-site scripting, resulting in attacker executed JavaScript. At this time, no patch is available.
Overview
  • CVE ID
  • CVE-2024-9440
  • Assigner
  • VulnCheck
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-10-02T18:40:05.254Z
  • Last Modified Date
  • 2024-10-02T19:13:30.506Z
History
Created Old Value New Value Data Type Notes
2024-10-07 00:01:52 Added to TrackCVE