Description
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.
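The pattern described above, as an added JavaScript example that is not code from Select2, Snipe-IT or this advisory: a result template that interpolates remotely loaded fields into HTML unchanged, next to one that escapes text and restricts image URLs to http(s). The function names, the `image` field and the sample response are constructed for illustration; the `results`/`id`/`text` shape follows Select2's documented Ajax response format.

```javascript
// Added example: names and sample data are constructed, not taken from Select2 or Snipe-IT.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a value for use in HTML text or inside a double-quoted attribute.
function escapeHtml(value) {
  return String(value == null ? '' : value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only http(s) image URLs; anything else becomes an empty string.
function safeImageUrl(value) {
  try {
    const url = new URL(String(value));
    return url.protocol === 'https:' || url.protocol === 'http:' ? url.href : '';
  } catch (err) {
    return '';
  }
}

// Vulnerable pattern: remote fields are concatenated into markup unchanged.
function renderItemUnsafe(item) {
  return '<span><img src="' + item.image + '"> ' + item.text + '</span>';
}

// Hardened pattern: every remote field is validated or escaped for its context.
function renderItemSafe(item) {
  const src = safeImageUrl(item.image);
  const img = src ? '<img src="' + escapeHtml(src) + '"> ' : '';
  return '<span>' + img + escapeHtml(item.text) + '</span>';
}

// Parse a remote response body and render each result with the given template.
function renderResults(body, template) {
  const data = JSON.parse(body);
  const results = Array.isArray(data.results) ? data.results : [];
  return results.map(template);
}

// Constructed sample response: the second record carries markup in its fields.
const SAMPLE_BODY = JSON.stringify({
  results: [
    { id: 1, text: 'Laptop & dock', image: 'https://assets.example/laptop.png' },
    { id: 2, text: '<img src=x onerror=alert(1)>', image: 'javascript:alert(1)' },
  ],
});
```

Rendering `SAMPLE_BODY` with `renderItemSafe` shows the second record as literal text, while `renderItemUnsafe` returns it as live markup.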
Remediation
References