We found results for “”
WS-2017-0264
Good to know:
Date: February 21, 2017
In Semantic-UI when using a dropdown and allowing users to type their own additions to a multi select, I am getting an error if the user types in \\ at the end of the text. This appears to be allowing the user to escape outside of the selector and can be used in XSS attacks.
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Cross-Site Scripting (XSS)
CWE-79Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |