-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaScriptJavaScriptMiggo AIRoot Cause AnalysisThe vulnerability stems from the use of innerHTML in the createOption method to set option text. The GitHub commit diff explicitly shows the fix replaced innerHTML with textContent in select.ts line 377. This confirms the unsafe HTML injection point was in this function. The CVE description and patch information directly reference this code location as the source of improper input neutralization.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| slim-select | npm | >= 2.0.0, < 2.9.2 | 2.9.2 |
Ongoing coverage of React2Shell