CVE-2024-9440

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published: Oct 2, 2024
Updated: Oct 4, 2024
CWE ID 79

Summary

CVE-2024-9440 is a cross-site scripting (XSS) vulnerability in Slim Select versions 2.0 through 2.9.0, where unsanitized user input can lead to the execution of arbitrary JavaScript. The flaw is in the createOption() function of the select.ts file and may affect products that use this library to generate lists dynamically from user input. There is currently no patch available, so organizations using the library remain exposed to attacks that exploit this flaw. The vulnerability is rated medium severity, with an exploitability score of 2.8, reflecting low attack complexity and a requirement for user interaction. Organizations are advised to implement input sanitization measures and to monitor for updates regarding a fix.
