Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Slim Select 2.0 createOption "text" XSS
Vulnerability Description
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption(), the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate lists using unsanitized user-provided input may be vulnerable to cross-site scripting, resulting in attacker executed JavaScript. At this time, no patch is available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Slim Select 安全漏洞
Vulnerability Description
Slim Select是Brian Voelker个人开发者的一个高级选择下拉菜单。 Slim Select 2.0版本至2.9.0版本存在安全漏洞,该漏洞源于未清理用户提供的输入动态生成列表,容易受到跨站脚本攻击,从而导致攻击者执行JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A