CVE-2016-10744
Description
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.872
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Nessus Agent (10.4.0) | Windows |
| Multiple vulnerabilities are fixed in Nessus Agent (x64) (10.4.0) | Windows |
| Multiple vulnerabilities are fixed in Tenable Nessus 10.4.0 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-346981 | Nessus Agent (10.8.4) (Manual Upload Required) |
| PATCH-346982 | Nessus Agent (x64) (10.8.4) (Manual Upload Required) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234