CVE-2024-9440 MEDIUM

CVE-2024-9440: Slim Select 2.0 createOption "text" XSS

Weakness CWE-79 · XSS
Published October 2, 2024
Last update May 14, 2026

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption(), the text variable from the user-provided Options object is assigned to an innerHTML without sanitation. Software that depends on this library to dynamically generate lists using unsanitized user-provided input may be vulnerable to cross-site scripting, resulting in attacker executed JavaScript. At this time, no patch is available.

Key dates

02Disclosure timeline

October 2, 2024 CVE published
May 14, 2026 Record updated

Related vulnerabilities

04Related CVE