Description
The select component in bui through 2018-03-13 has XSS because it performs an escape operation on already-escaped text, as demonstrated by workGroupList text.
Remediation
References
https://github.com/zlgxzswjy/BUI-select-xss
Related Vulnerabilities
CVE-2017-16144 Vulnerability in npm package myserver.alexcthomas18
CVE-2020-9447 Vulnerability in maven package com.googlecode.gwtupload:gwtupload-samples
CVE-2023-45277 Vulnerability in maven package org.yamcs:yamcs-core
CVE-2022-4565 Vulnerability in maven package cn.hutool:hutool-core
CVE-2020-28472 Vulnerability in npm package @aws-sdk/shared-ini-file-loader