VYPR
← All advisories
Moderate severityOSV Advisory· Published Mar 27, 2019· Updated Aug 6, 2024

CVE-2016-10744

CVE-2016-10744

Description

Cross-site scripting (XSS) vulnerability in Select2 <=4.0.5, used in Snipe-IT and other products, via Ajax remote data loading with HTML templates.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting (XSS) vulnerability in Select2 <=4.0.5, used in Snipe-IT and other products, via Ajax remote data loading with HTML templates.

Vulnerability

Select2 through version 4.0.5, a jQuery-based replacement for select boxes, contains a stored cross-site scripting (XSS) vulnerability. The flaw occurs when Ajax remote data loading is used in combination with HTML templates to display listbox data. Untrusted data returned from the remote source is not properly sanitized before being rendered in the DOM, allowing injection of arbitrary HTML or JavaScript. This affects any application using Select2 with these features, including Snipe-IT [1][2][4].

Exploitation

An attacker needs to control or poison the remote data source (e.g., by compromising an API endpoint or injecting manipulated data into a valid source). When a user interacts with the select list, the malicious payload embedded in the remote data is executed. No additional user interaction beyond normal use of the dropdown is required once the data is loaded [4].

Impact

Successful exploitation leads to cross-site scripting (XSS), allowing the attacker to execute arbitrary JavaScript in the context of the victim's browser. This can result in session hijacking, data exfiltration, or other actions performed as the authenticated user. The vulnerability affects the confidentiality, integrity, and availability of the application [1][4].

Mitigation

The Select2 library itself has not been patched for this issue as of the latest references. Snipe-IT implemented a workaround in commit 5848d9a by manually escaping HTML entities in the formatDataSelection function [3][4]. Users of Select2 4.0.5 or earlier should avoid using HTML templates with Ajax remote data, or implement client-side escaping similar to the Snipe-IT fix. No official patch from the Select2 project is documented [2].

References
  1. NVD - CVE-2016-10744
  2. GitHub - select2/select2: Select2 is a jQuery based replacement for select boxes. It supports searching, remote data sets, and infinite scrolling of results.
  3. Fixes XSS vulnerabilities by snipe · Pull Request #6831 · grokability/snipe-it
  4. Fixes XSS vulnerabilities by snipe · Pull Request #6831 · grokability/snipe-it

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
select2npm
< 4.0.64.0.6

Affected products

2

Patches

1
dee92cfc6c01

Fixes XSS vulnerabilities (#6831)

https://github.com/snipe/snipe-itsnipeMar 19, 2019via body-scan
commitPR #6831
11 files changed · +8705 71
  • app/Http/Transformers/ActionlogsTransformer.php+13 1 modified
    @@ -26,6 +26,18 @@ public function transformActionlog (Actionlog $actionlog, $settings = null)
         if ($actionlog->filename!='') {
             $icon =  e(\App\Helpers\Helper::filetype_icon($actionlog->filename));
         }
+
+        // This is necessary since we can't escape special characters within a JSON object
+        if (($actionlog->log_meta) && ($actionlog->log_meta!='')) {
+            $meta_array = json_decode($actionlog->log_meta);
+            foreach ($meta_array as $key => $value) {
+                foreach ($value as $meta_key => $meta_value) {
+                    $clean_meta[$key][$meta_key] = e($meta_value);
+                }
+            }
+        }
+
+
         $array = [
             'id'          => (int) $actionlog->id,
             'icon'          => $icon,
@@ -64,7 +76,7 @@ public function transformActionlog (Actionlog $actionlog, $settings = null)
 
             'note'          => ($actionlog->note) ? e($actionlog->note): null,
             'signature_file'   => ($actionlog->accept_signature) ? route('log.signature.view', ['filename' => $actionlog->accept_signature ]) : null,
-            'log_meta'          => ($actionlog->log_meta) ? json_decode($actionlog->log_meta): null,
+            'log_meta'          => ((isset($clean_meta)) && (is_array($clean_meta))) ? $clean_meta: null,
 
 
         ];
  • app/Http/Transformers/UsersTransformer.php+1 1 modified
    @@ -24,7 +24,7 @@ public function transformUser (User $user)
         $array = [
                 'id' => (int) $user->id,
                 'avatar' => e($user->present()->gravatar),
-                'name' => e($user->first_name).' '.($user->last_name),
+                'name' => e($user->first_name).' '.e($user->last_name),
                 'first_name' => e($user->first_name),
                 'last_name' => e($user->last_name),
                 'username' => e($user->username),
  • public/css/build/all.css+600 5 modified
  • public/css/dist/all.css+1 1 modified
    @@ -19,4 +19,4 @@
  * Datepicker for Bootstrap v1.8.0 (https://github.com/uxsolutions/bootstrap-datepicker)
  *
  * Licensed under the Apache License v2.0 (http://www.apache.org/licenses/LICENSE-2.0)
- */.datepicker{padding:4px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;direction:ltr}.datepicker-inline{width:220px}.datepicker-rtl{direction:rtl}.datepicker-rtl.dropdown-menu{left:auto}.datepicker-rtl table tr td span{float:right}.datepicker-dropdown{top:0;left:0}.datepicker-dropdown:before{content:'';display:inline-block;border-left:7px solid transparent;border-right:7px solid transparent;border-bottom:7px solid #999;border-top:0;border-bottom-color:rgba(0,0,0,.2);position:absolute}.datepicker-dropdown:after{content:'';display:inline-block;border-left:6px solid transparent;border-right:6px solid transparent;border-bottom:6px solid #fff;border-top:0;position:absolute}.datepicker-dropdown.datepicker-orient-left:before{left:6px}.datepicker-dropdown.datepicker-orient-left:after{left:7px}.datepicker-dropdown.datepicker-orient-right:before{right:6px}.datepicker-dropdown.datepicker-orient-right:after{right:7px}.datepicker-dropdown.datepicker-orient-bottom:before{top:-7px}.datepicker-dropdown.datepicker-orient-bottom:after{top:-6px}.datepicker-dropdown.datepicker-orient-top:before{bottom:-7px;border-bottom:0;border-top:7px solid #999}.datepicker-dropdown.datepicker-orient-top:after{bottom:-6px;border-bottom:0;border-top:6px solid #fff}.datepicker table{margin:0;-webkit-touch-callout:none;-webkit-user-select:none;-khtml-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.datepicker td,.datepicker th{text-align:center;width:20px;height:20px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;border:none}.table-striped .datepicker table tr td,.table-striped .datepicker table tr th{background-color:transparent}.datepicker table tr td.day.focused,.datepicker table tr td.day:hover{background:#eee;cursor:pointer}.datepicker table tr td.new,.datepicker table tr td.old{color:#999}.datepicker table tr td.disabled,.datepicker table tr td.disabled:hover{background:0 0;color:#999;cursor:default}.datepicker table tr td.highlighted{background:#d9edf7;border-radius:0}.datepicker table tr td.today,.datepicker table tr td.today.disabled,.datepicker table tr td.today.disabled:hover,.datepicker table tr td.today:hover{background-color:#fde19a;background-image:-moz-linear-gradient(to bottom,#fdd49a,#fdf59a);background-image:-ms-linear-gradient(to bottom,#fdd49a,#fdf59a);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fdd49a),to(#fdf59a));background-image:-webkit-linear-gradient(to bottom,#fdd49a,#fdf59a);background-image:-o-linear-gradient(to bottom,#fdd49a,#fdf59a);background-image:linear-gradient(to bottom,#fdd49a,#fdf59a);background-repeat:repeat-x;border-color:#fdf59a #fdf59a #fbed50;border-color:rgba(0,0,0,.1) rgba(0,0,0,.1) rgba(0,0,0,.25);color:#000}.datepicker table tr td.today.active,.datepicker table tr td.today.disabled,.datepicker table tr td.today.disabled.active,.datepicker table tr td.today.disabled.disabled,.datepicker table tr td.today.disabled:active,.datepicker table tr td.today.disabled:hover,.datepicker table tr td.today.disabled:hover.active,.datepicker table tr td.today.disabled:hover.disabled,.datepicker table tr td.today.disabled:hover:active,.datepicker table tr td.today.disabled:hover:hover,.datepicker table tr td.today.disabled:hover[disabled],.datepicker table tr td.today.disabled[disabled],.datepicker table tr td.today:active,.datepicker table tr td.today:hover,.datepicker table tr td.today:hover.active,.datepicker table tr td.today:hover.disabled,.datepicker table tr td.today:hover:active,.datepicker table tr td.today:hover:hover,.datepicker table tr td.today:hover[disabled],.datepicker table tr td.today[disabled]{background-color:#fdf59a}.datepicker table tr td.today:hover:hover{color:#000}.datepicker table tr td.today.active:hover{color:#fff}.datepicker table tr td.range,.datepicker table tr td.range.disabled,.datepicker table tr td.range.disabled:hover,.datepicker table tr td.range:hover{background:#eee;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.datepicker table tr td.range.today,.datepicker table tr td.range.today.disabled,.datepicker table tr td.range.today.disabled:hover,.datepicker table tr td.range.today:hover{background-color:#f3d17a;background-image:-moz-linear-gradient(to bottom,#f3c17a,#f3e97a);background-image:-ms-linear-gradient(to bottom,#f3c17a,#f3e97a);background-image:-webkit-gradient(linear,0 0,0 100%,from(#f3c17a),to(#f3e97a));background-image:-webkit-linear-gradient(to bottom,#f3c17a,#f3e97a);background-image:-o-linear-gradient(to bottom,#f3c17a,#f3e97a);background-image:linear-gradient(to bottom,#f3c17a,#f3e97a);background-repeat:repeat-x;border-color:#f3e97a #f3e97a #edde34;border-color:rgba(0,0,0,.1) rgba(0,0,0,.1) rgba(0,0,0,.25);-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.datepicker table tr td.range.today.active,.datepicker table tr td.range.today.disabled,.datepicker table tr td.range.today.disabled.active,.datepicker table tr td.range.today.disabled.disabled,.datepicker table tr td.range.today.disabled:active,.datepicker table tr td.range.today.disabled:hover,.datepicker table tr td.range.today.disabled:hover.active,.datepicker table tr td.range.today.disabled:hover.disabled,.datepicker table tr td.range.today.disabled:hover:active,.datepicker table tr td.range.today.disabled:hover:hover,.datepicker table tr td.range.today.disabled:hover[disabled],.datepicker table tr td.range.today.disabled[disabled],.datepicker table tr td.range.today:active,.datepicker table tr td.range.today:hover,.datepicker table tr td.range.today:hover.active,.datepicker table tr td.range.today:hover.disabled,.datepicker table tr td.range.today:hover:active,.datepicker table tr td.range.today:hover:hover,.datepicker table tr td.range.today:hover[disabled],.datepicker table tr td.range.today[disabled]{background-color:#f3e97a}.datepicker table tr td.selected,.datepicker table tr td.selected.disabled,.datepicker table tr td.selected.disabled:hover,.datepicker table tr td.selected:hover{background-color:#9e9e9e;background-image:-moz-linear-gradient(to bottom,#b3b3b3,grey);background-image:-ms-linear-gradient(to bottom,#b3b3b3,grey);background-image:-webkit-gradient(linear,0 0,0 100%,from(#b3b3b3),to(grey));background-image:-webkit-linear-gradient(to bottom,#b3b3b3,grey);background-image:-o-linear-gradient(to bottom,#b3b3b3,grey);background-image:linear-gradient(to bottom,#b3b3b3,grey);background-repeat:repeat-x;border-color:grey grey #595959;border-color:rgba(0,0,0,.1) rgba(0,0,0,.1) rgba(0,0,0,.25);color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,.25)}.datepicker table tr td.selected.active,.datepicker table tr td.selected.disabled,.datepicker table tr td.selected.disabled.active,.datepicker table tr td.selected.disabled.disabled,.datepicker table tr td.selected.disabled:active,.datepicker table tr td.selected.disabled:hover,.datepicker table tr td.selected.disabled:hover.active,.datepicker table tr td.selected.disabled:hover.disabled,.datepicker table tr td.selected.disabled:hover:active,.datepicker table tr td.selected.disabled:hover:hover,.datepicker table tr td.selected.disabled:hover[disabled],.datepicker table tr td.selected.disabled[disabled],.datepicker table tr td.selected:active,.datepicker table tr td.selected:hover,.datepicker table tr td.selected:hover.active,.datepicker table tr td.selected:hover.disabled,.datepicker table tr td.selected:hover:active,.datepicker table tr td.selected:hover:hover,.datepicker table tr td.selected:hover[disabled],.datepicker table tr td.selected[disabled]{background-color:grey}.datepicker table tr td.active,.datepicker table tr td.active.disabled,.datepicker table tr td.active.disabled:hover,.datepicker table tr td.active:hover{background-color:#006dcc;background-image:-moz-linear-gradient(to bottom,#08c,#04c);background-image:-ms-linear-gradient(to bottom,#08c,#04c);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#04c));background-image:-webkit-linear-gradient(to bottom,#08c,#04c);background-image:-o-linear-gradient(to bottom,#08c,#04c);background-image:linear-gradient(to bottom,#08c,#04c);background-repeat:repeat-x;border-color:#04c #04c #002a80;border-color:rgba(0,0,0,.1) rgba(0,0,0,.1) rgba(0,0,0,.25);color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,.25)}.datepicker table tr td.active.active,.datepicker table tr td.active.disabled,.datepicker table tr td.active.disabled.active,.datepicker table tr td.active.disabled.disabled,.datepicker table tr td.active.disabled:active,.datepicker table tr td.active.disabled:hover,.datepicker table tr td.active.disabled:hover.active,.datepicker table tr td.active.disabled:hover.disabled,.datepicker table tr td.active.disabled:hover:active,.datepicker table tr td.active.disabled:hover:hover,.datepicker table tr td.active.disabled:hover[disabled],.datepicker table tr td.active.disabled[disabled],.datepicker table tr td.active:active,.datepicker table tr td.active:hover,.datepicker table tr td.active:hover.active,.datepicker table tr td.active:hover.disabled,.datepicker table tr td.active:hover:active,.datepicker table tr td.active:hover:hover,.datepicker table tr td.active:hover[disabled],.datepicker table tr td.active[disabled]{background-color:#04c}.datepicker table tr td span{display:block;width:23%;height:54px;line-height:54px;float:left;margin:1%;cursor:pointer;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.datepicker table tr td span.focused,.datepicker table tr td span:hover{background:#eee}.datepicker table tr td span.disabled,.datepicker table tr td span.disabled:hover{background:0 0;color:#999;cursor:default}.datepicker table tr td span.active,.datepicker table tr td span.active.disabled,.datepicker table tr td span.active.disabled:hover,.datepicker table tr td span.active:hover{background-color:#006dcc;background-image:-moz-linear-gradient(to bottom,#08c,#04c);background-image:-ms-linear-gradient(to bottom,#08c,#04c);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#04c));background-image:-webkit-linear-gradient(to bottom,#08c,#04c);background-image:-o-linear-gradient(to bottom,#08c,#04c);background-image:linear-gradient(to bottom,#08c,#04c);background-repeat:repeat-x;border-color:#04c #04c #002a80;border-color:rgba(0,0,0,.1) rgba(0,0,0,.1) rgba(0,0,0,.25);color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,.25)}.datepicker table tr td span.active.active,.datepicker table tr td span.active.disabled,.datepicker table tr td span.active.disabled.active,.datepicker table tr td span.active.disabled.disabled,.datepicker table tr td span.active.disabled:active,.datepicker table tr td span.active.disabled:hover,.datepicker table tr td span.active.disabled:hover.active,.datepicker table tr td span.active.disabled:hover.disabled,.datepicker table tr td span.active.disabled:hover:active,.datepicker table tr td span.active.disabled:hover:hover,.datepicker table tr td span.active.disabled:hover[disabled],.datepicker table tr td span.active.disabled[disabled],.datepicker table tr td span.active:active,.datepicker table tr td span.active:hover,.datepicker table tr td span.active:hover.active,.datepicker table tr td span.active:hover.disabled,.datepicker table tr td span.active:hover:active,.datepicker table tr td span.active:hover:hover,.datepicker table tr td span.active:hover[disabled],.datepicker table tr td span.active[disabled]{background-color:#04c}.datepicker table tr td span.new,.datepicker table tr td span.old{color:#999}.datepicker .datepicker-switch{width:145px}.datepicker .datepicker-switch,.datepicker .next,.datepicker .prev,.datepicker tfoot tr th{cursor:pointer}.datepicker .datepicker-switch:hover,.datepicker .next:hover,.datepicker .prev:hover,.datepicker tfoot tr th:hover{background:#eee}.datepicker .next.disabled,.datepicker .prev.disabled{visibility:hidden}.datepicker .cw{font-size:10px;width:12px;padding:0 2px 0 5px;vertical-align:middle}.input-append.date .add-on,.input-prepend.date .add-on{cursor:pointer}.input-append.date .add-on i,.input-prepend.date .add-on i{margin-top:3px}.input-daterange input{text-align:center}.input-daterange input:first-child{-webkit-border-radius:3px 0 0 3px;-moz-border-radius:3px 0 0 3px;border-radius:3px 0 0 3px}.input-daterange input:last-child{-webkit-border-radius:0 3px 3px 0;-moz-border-radius:0 3px 3px 0;border-radius:0 3px 3px 0}.input-daterange .add-on{display:inline-block;width:auto;min-width:16px;height:20px;padding:4px 5px;font-weight:400;line-height:20px;text-align:center;text-shadow:0 1px 0 #fff;vertical-align:middle;background-color:#eee;border:1px solid #ccc;margin-left:-5px;margin-right:-5px}.datepicker.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;float:left;display:none;min-width:160px;list-style:none;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,.2);-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,.2);-moz-box-shadow:0 5px 10px rgba(0,0,0,.2);box-shadow:0 5px 10px rgba(0,0,0,.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box;color:#333;font-size:13px;line-height:20px}.datepicker.datepicker-inline td,.datepicker.datepicker-inline th,.datepicker.dropdown-menu td,.datepicker.dropdown-menu th{padding:4px 5px}.fix-sticky{position:fixed;z-index:100}.fix-sticky thead{background:#fff}.fix-sticky thead th,.fix-sticky thead th:first-child{border-left:0;border-right:0;border-bottom:1px solid #eee;border-radius:0}.skin-blue .main-header .logo{background-color:inherit}.main-header .logo{width:100%!important;white-space:nowrap;text-align:left;display:block;clear:both}.huge{font-size:40px}.btn-file{position:relative;overflow:hidden}.dropdown-menu>li>a{color:#354044}#sort tr.cansort{border-radius:2px;padding:10px;background:#f4f4f4;margin-bottom:3px;border-left:2px solid #e6e7e8;color:#444;cursor:move}.user-image-inline{float:left;width:25px;height:25px;border-radius:50%;margin-right:10px}.input-group .input-group-addon{background-color:#f4f4f4}a.accordion-header{color:#333}.dynamic-form-row{padding:10px;margin:20px}.handle{padding-left:10px}.btn-file input[type=file]{position:absolute;top:0;right:0;min-width:100%;min-height:100%;font-size:100px;text-align:right;opacity:0;outline:0;background:#fff;cursor:inherit;display:block}.main-footer{font-size:13px}.main-header{max-height:150px}.navbar-nav>.user-menu>.dropdown-menu{width:inherit}.main-header .logo{padding:0 5px 0 15px}.sidebar-toggle{margin-left:-48px;z-index:100;background-color:inherit}.sidebar-toggle-mobile{z-index:100;width:50px;padding-top:10px}.main-header .sidebar-toggle:before{content:"\F0C9"}.direct-chat-contacts{padding:10px;height:150px}.select2-container{width:100%}.error input{color:#dd4b39;border:2px solid #dd4b39!important}.alert-msg,.error label{color:#dd4b39;display:block}.input-group[class*=col-]{padding-right:15px;padding-left:15px}.control-label.multiline{padding-top:10px}.btn-outline{color:inherit;background-color:transparent;-webkit-transition:all .5s;transition:all .5s}.btn-primary.btn-outline{color:#428bca}.btn-success.btn-outline{color:#5cb85c}.btn-info.btn-outline{color:#5bc0de}.btn-warning.btn-outline{color:#f0ad4e}.btn-danger.btn-outline{color:#d9534f}.btn-danger.btn-outline:hover,.btn-info.btn-outline:hover,.btn-primary.btn-outline:hover,.btn-success.btn-outline:hover,.btn-warning.btn-outline:hover{color:#fff}.slideout-menu{position:fixed;top:0;right:-250px;width:250px;height:100%;background:#333;z-index:100;margin-top:100px;color:#fff;padding:10px}.slideout-menu h3{position:relative;padding:5px;color:#fff;font-size:1.2em;font-weight:400;border-bottom:4px solid #222}.slideout-menu .slideout-menu-toggle{position:absolute;top:12px;right:10px;display:inline-block;padding:6px 9px 5px;font-family:Arial,sans-serif;font-weight:700;line-height:1;background:#222;color:#999;text-decoration:none;vertical-align:top}.slideout-menu .slideout-menu-toggle:hover{color:#fff}.slideout-menu ul{list-style:none;font-weight:300;border-top:1px solid #151515;border-bottom:1px solid #454545}.slideout-menu ul li{border-top:1px solid #454545;border-bottom:1px solid #151515}.slideout-menu ul li a{position:relative;display:block;padding:10px;color:#999;text-decoration:none}.slideout-menu ul li a:hover{background:#000;color:#fff}.slideout-menu ul li a i{position:absolute;top:15px;right:10px;opacity:.5}.btn-box-tool-lg{font-size:16px;color:orange}.bs-wizard{margin-top:20px;border-bottom:1px solid #e0e0e0;padding:0 0 10px}.bs-wizard>.bs-wizard-step{padding:0;position:relative}.bs-wizard>.bs-wizard-step .bs-wizard-stepnum{color:#595959;font-size:16px;margin-bottom:5px}.bs-wizard>.bs-wizard-step .bs-wizard-info{color:#999;font-size:14px}.bs-wizard>.bs-wizard-step>.bs-wizard-dot{position:absolute;width:30px;height:30px;display:block;background:#fbe8aa;top:45px;left:50%;margin-top:-15px;margin-left:-15px;border-radius:50%}.bs-wizard>.bs-wizard-step>.bs-wizard-dot:after{content:" ";width:14px;height:14px;background:#fbbd19;border-radius:50px;position:absolute;top:8px;left:8px}.bs-wizard>.bs-wizard-step>.progress{position:relative;border-radius:0;height:8px;-webkit-box-shadow:none;box-shadow:none;margin:20px 0}.bs-wizard>.bs-wizard-step>.progress>.progress-bar{width:0;-webkit-box-shadow:none;box-shadow:none;background:#fbe8aa}.bs-wizard>.bs-wizard-step.complete>.progress>.progress-bar{width:100%}.bs-wizard>.bs-wizard-step.active>.progress>.progress-bar{width:50%}.bs-wizard>.bs-wizard-step:first-child.active>.progress>.progress-bar{width:0}.bs-wizard>.bs-wizard-step:last-child.active>.progress>.progress-bar{width:100%}.bs-wizard>.bs-wizard-step.disabled>.bs-wizard-dot{background-color:#f5f5f5}.bs-wizard>.bs-wizard-step.disabled>.bs-wizard-dot:after{opacity:0}.bs-wizard>.bs-wizard-step:first-child>.progress{left:50%;width:50%}.bs-wizard>.bs-wizard-step:last-child>.progress{width:50%}.bs-wizard>.bs-wizard-step.disabled a.bs-wizard-dot{pointer-events:none}.left-navblock{display:inline-block;float:left;text-align:left;color:#fff;padding:0}.skin-blue .main-header .navbar .dropdown-menu li a{color:#333}a.logo.no-hover a:hover{background-color:transparent}.required{border-right:6px solid orange}body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen,Ubuntu,Cantarell,Fira Sans,Droid Sans,Helvetica Neue,sans-serif;font-size:13px}.sidebar-menu{font-size:14px;white-space:normal}@media print{a[href]:after{content:none}.tab-content>.tab-pane{display:block!important;opacity:1!important;visibility:visible!important}}.navbar-brand>img,img.navbar-brand-img{float:left;padding:5px 5px 5px 0;max-height:50px}.input-daterange{border-radius:0}.btn.bg-maroon,.btn.bg-purple{min-width:90px}[hidden]{display:none!important}#toolbar{margin-top:10px}#uploadPreview{border:1px solid grey}.icon-med{font-size:20px;color:#889195}#login-logo{padding-top:20px;padding-bottom:10px;max-width:200px}
\ No newline at end of file
+ */.datepicker{padding:4px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;direction:ltr}.datepicker-inline{width:220px}.datepicker-rtl{direction:rtl}.datepicker-rtl.dropdown-menu{left:auto}.datepicker-rtl table tr td span{float:right}.datepicker-dropdown{top:0;left:0}.datepicker-dropdown:before{content:'';display:inline-block;border-left:7px solid transparent;border-right:7px solid transparent;border-bottom:7px solid #999;border-top:0;border-bottom-color:rgba(0,0,0,.2);position:absolute}.datepicker-dropdown:after{content:'';display:inline-block;border-left:6px solid transparent;border-right:6px solid transparent;border-bottom:6px solid #fff;border-top:0;position:absolute}.datepicker-dropdown.datepicker-orient-left:before{left:6px}.datepicker-dropdown.datepicker-orient-left:after{left:7px}.datepicker-dropdown.datepicker-orient-right:before{right:6px}.datepicker-dropdown.datepicker-orient-right:after{right:7px}.datepicker-dropdown.datepicker-orient-bottom:before{top:-7px}.datepicker-dropdown.datepicker-orient-bottom:after{top:-6px}.datepicker-dropdown.datepicker-orient-top:before{bottom:-7px;border-bottom:0;border-top:7px solid #999}.datepicker-dropdown.datepicker-orient-top:after{bottom:-6px;border-bottom:0;border-top:6px solid #fff}.datepicker table{margin:0;-webkit-touch-callout:none;-webkit-user-select:none;-khtml-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.datepicker td,.datepicker th{text-align:center;width:20px;height:20px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;border:none}.table-striped .datepicker table tr td,.table-striped .datepicker table tr th{background-color:transparent}.datepicker table tr td.day.focused,.datepicker table tr td.day:hover{background:#eee;cursor:pointer}.datepicker table tr td.new,.datepicker table tr td.old{color:#999}.datepicker table tr td.disabled,.datepicker table tr td.disabled:hover{background:0 0;color:#999;cursor:default}.datepicker table tr td.highlighted{background:#d9edf7;border-radius:0}.datepicker table tr td.today,.datepicker table tr td.today.disabled,.datepicker table tr td.today.disabled:hover,.datepicker table tr td.today:hover{background-color:#fde19a;background-image:-moz-linear-gradient(to bottom,#fdd49a,#fdf59a);background-image:-ms-linear-gradient(to bottom,#fdd49a,#fdf59a);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fdd49a),to(#fdf59a));background-image:-webkit-linear-gradient(to bottom,#fdd49a,#fdf59a);background-image:-o-linear-gradient(to bottom,#fdd49a,#fdf59a);background-image:linear-gradient(to bottom,#fdd49a,#fdf59a);background-repeat:repeat-x;border-color:#fdf59a #fdf59a #fbed50;border-color:rgba(0,0,0,.1) rgba(0,0,0,.1) rgba(0,0,0,.25);color:#000}.datepicker table tr td.today.active,.datepicker table tr td.today.disabled,.datepicker table tr td.today.disabled.active,.datepicker table tr td.today.disabled.disabled,.datepicker table tr td.today.disabled:active,.datepicker table tr td.today.disabled:hover,.datepicker table tr td.today.disabled:hover.active,.datepicker table tr td.today.disabled:hover.disabled,.datepicker table tr td.today.disabled:hover:active,.datepicker table tr td.today.disabled:hover:hover,.datepicker table tr td.today.disabled:hover[disabled],.datepicker table tr td.today.disabled[disabled],.datepicker table tr td.today:active,.datepicker table tr td.today:hover,.datepicker table tr td.today:hover.active,.datepicker table tr td.today:hover.disabled,.datepicker table tr td.today:hover:active,.datepicker table tr td.today:hover:hover,.datepicker table tr td.today:hover[disabled],.datepicker table tr td.today[disabled]{background-color:#fdf59a}.datepicker table tr td.today:hover:hover{color:#000}.datepicker table tr td.today.active:hover{color:#fff}.datepicker table tr td.range,.datepicker table tr td.range.disabled,.datepicker table tr td.range.disabled:hover,.datepicker table tr td.range:hover{background:#eee;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.datepicker table tr td.range.today,.datepicker table tr td.range.today.disabled,.datepicker table tr td.range.today.disabled:hover,.datepicker table tr td.range.today:hover{background-color:#f3d17a;background-image:-moz-linear-gradient(to bottom,#f3c17a,#f3e97a);background-image:-ms-linear-gradient(to bottom,#f3c17a,#f3e97a);background-image:-webkit-gradient(linear,0 0,0 100%,from(#f3c17a),to(#f3e97a));background-image:-webkit-linear-gradient(to bottom,#f3c17a,#f3e97a);background-image:-o-linear-gradient(to bottom,#f3c17a,#f3e97a);background-image:linear-gradient(to bottom,#f3c17a,#f3e97a);background-repeat:repeat-x;border-color:#f3e97a #f3e97a #edde34;border-color:rgba(0,0,0,.1) rgba(0,0,0,.1) rgba(0,0,0,.25);-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.datepicker table tr td.range.today.active,.datepicker table tr td.range.today.disabled,.datepicker table tr td.range.today.disabled.active,.datepicker table tr td.range.today.disabled.disabled,.datepicker table tr td.range.today.disabled:active,.datepicker table tr td.range.today.disabled:hover,.datepicker table tr td.range.today.disabled:hover.active,.datepicker table tr td.range.today.disabled:hover.disabled,.datepicker table tr td.range.today.disabled:hover:active,.datepicker table tr td.range.today.disabled:hover:hover,.datepicker table tr td.range.today.disabled:hover[disabled],.datepicker table tr td.range.today.disabled[disabled],.datepicker table tr td.range.today:active,.datepicker table tr td.range.today:hover,.datepicker table tr td.range.today:hover.active,.datepicker table tr td.range.today:hover.disabled,.datepicker table tr td.range.today:hover:active,.datepicker table tr td.range.today:hover:hover,.datepicker table tr td.range.today:hover[disabled],.datepicker table tr td.range.today[disabled]{background-color:#f3e97a}.datepicker table tr td.selected,.datepicker table tr td.selected.disabled,.datepicker table tr td.selected.disabled:hover,.datepicker table tr td.selected:hover{background-color:#9e9e9e;background-image:-moz-linear-gradient(to bottom,#b3b3b3,grey);background-image:-ms-linear-gradient(to bottom,#b3b3b3,grey);background-image:-webkit-gradient(linear,0 0,0 100%,from(#b3b3b3),to(grey));background-image:-webkit-linear-gradient(to bottom,#b3b3b3,grey);background-image:-o-linear-gradient(to bottom,#b3b3b3,grey);background-image:linear-gradient(to bottom,#b3b3b3,grey);background-repeat:repeat-x;border-color:grey grey #595959;border-color:rgba(0,0,0,.1) rgba(0,0,0,.1) rgba(0,0,0,.25);color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,.25)}.datepicker table tr td.selected.active,.datepicker table tr td.selected.disabled,.datepicker table tr td.selected.disabled.active,.datepicker table tr td.selected.disabled.disabled,.datepicker table tr td.selected.disabled:active,.datepicker table tr td.selected.disabled:hover,.datepicker table tr td.selected.disabled:hover.active,.datepicker table tr td.selected.disabled:hover.disabled,.datepicker table tr td.selected.disabled:hover:active,.datepicker table tr td.selected.disabled:hover:hover,.datepicker table tr td.selected.disabled:hover[disabled],.datepicker table tr td.selected.disabled[disabled],.datepicker table tr td.selected:active,.datepicker table tr td.selected:hover,.datepicker table tr td.selected:hover.active,.datepicker table tr td.selected:hover.disabled,.datepicker table tr td.selected:hover:active,.datepicker table tr td.selected:hover:hover,.datepicker table tr td.selected:hover[disabled],.datepicker table tr td.selected[disabled]{background-color:grey}.datepicker table tr td.active,.datepicker table tr td.active.disabled,.datepicker table tr td.active.disabled:hover,.datepicker table tr td.active:hover{background-color:#006dcc;background-image:-moz-linear-gradient(to bottom,#08c,#04c);background-image:-ms-linear-gradient(to bottom,#08c,#04c);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#04c));background-image:-webkit-linear-gradient(to bottom,#08c,#04c);background-image:-o-linear-gradient(to bottom,#08c,#04c);background-image:linear-gradient(to bottom,#08c,#04c);background-repeat:repeat-x;border-color:#04c #04c #002a80;border-color:rgba(0,0,0,.1) rgba(0,0,0,.1) rgba(0,0,0,.25);color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,.25)}.datepicker table tr td.active.active,.datepicker table tr td.active.disabled,.datepicker table tr td.active.disabled.active,.datepicker table tr td.active.disabled.disabled,.datepicker table tr td.active.disabled:active,.datepicker table tr td.active.disabled:hover,.datepicker table tr td.active.disabled:hover.active,.datepicker table tr td.active.disabled:hover.disabled,.datepicker table tr td.active.disabled:hover:active,.datepicker table tr td.active.disabled:hover:hover,.datepicker table tr td.active.disabled:hover[disabled],.datepicker table tr td.active.disabled[disabled],.datepicker table tr td.active:active,.datepicker table tr td.active:hover,.datepicker table tr td.active:hover.active,.datepicker table tr td.active:hover.disabled,.datepicker table tr td.active:hover:active,.datepicker table tr td.active:hover:hover,.datepicker table tr td.active:hover[disabled],.datepicker table tr td.active[disabled]{background-color:#04c}.datepicker table tr td span{display:block;width:23%;height:54px;line-height:54px;float:left;margin:1%;cursor:pointer;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.datepicker table tr td span.focused,.datepicker table tr td span:hover{background:#eee}.datepicker table tr td span.disabled,.datepicker table tr td span.disabled:hover{background:0 0;color:#999;cursor:default}.datepicker table tr td span.active,.datepicker table tr td span.active.disabled,.datepicker table tr td span.active.disabled:hover,.datepicker table tr td span.active:hover{background-color:#006dcc;background-image:-moz-linear-gradient(to bottom,#08c,#04c);background-image:-ms-linear-gradient(to bottom,#08c,#04c);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#04c));background-image:-webkit-linear-gradient(to bottom,#08c,#04c);background-image:-o-linear-gradient(to bottom,#08c,#04c);background-image:linear-gradient(to bottom,#08c,#04c);background-repeat:repeat-x;border-color:#04c #04c #002a80;border-color:rgba(0,0,0,.1) rgba(0,0,0,.1) rgba(0,0,0,.25);color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,.25)}.datepicker table tr td span.active.active,.datepicker table tr td span.active.disabled,.datepicker table tr td span.active.disabled.active,.datepicker table tr td span.active.disabled.disabled,.datepicker table tr td span.active.disabled:active,.datepicker table tr td span.active.disabled:hover,.datepicker table tr td span.active.disabled:hover.active,.datepicker table tr td span.active.disabled:hover.disabled,.datepicker table tr td span.active.disabled:hover:active,.datepicker table tr td span.active.disabled:hover:hover,.datepicker table tr td span.active.disabled:hover[disabled],.datepicker table tr td span.active.disabled[disabled],.datepicker table tr td span.active:active,.datepicker table tr td span.active:hover,.datepicker table tr td span.active:hover.active,.datepicker table tr td span.active:hover.disabled,.datepicker table tr td span.active:hover:active,.datepicker table tr td span.active:hover:hover,.datepicker table tr td span.active:hover[disabled],.datepicker table tr td span.active[disabled]{background-color:#04c}.datepicker table tr td span.new,.datepicker table tr td span.old{color:#999}.datepicker .datepicker-switch{width:145px}.datepicker .datepicker-switch,.datepicker .next,.datepicker .prev,.datepicker tfoot tr th{cursor:pointer}.datepicker .datepicker-switch:hover,.datepicker .next:hover,.datepicker .prev:hover,.datepicker tfoot tr th:hover{background:#eee}.datepicker .next.disabled,.datepicker .prev.disabled{visibility:hidden}.datepicker .cw{font-size:10px;width:12px;padding:0 2px 0 5px;vertical-align:middle}.input-append.date .add-on,.input-prepend.date .add-on{cursor:pointer}.input-append.date .add-on i,.input-prepend.date .add-on i{margin-top:3px}.input-daterange input{text-align:center}.input-daterange input:first-child{-webkit-border-radius:3px 0 0 3px;-moz-border-radius:3px 0 0 3px;border-radius:3px 0 0 3px}.input-daterange input:last-child{-webkit-border-radius:0 3px 3px 0;-moz-border-radius:0 3px 3px 0;border-radius:0 3px 3px 0}.input-daterange .add-on{display:inline-block;width:auto;min-width:16px;height:20px;padding:4px 5px;font-weight:400;line-height:20px;text-align:center;text-shadow:0 1px 0 #fff;vertical-align:middle;background-color:#eee;border:1px solid #ccc;margin-left:-5px;margin-right:-5px}.datepicker.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;float:left;display:none;min-width:160px;list-style:none;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,.2);-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,.2);-moz-box-shadow:0 5px 10px rgba(0,0,0,.2);box-shadow:0 5px 10px rgba(0,0,0,.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box;color:#333;font-size:13px;line-height:20px}.datepicker.datepicker-inline td,.datepicker.datepicker-inline th,.datepicker.dropdown-menu td,.datepicker.dropdown-menu th{padding:4px 5px}.fix-sticky{position:fixed;z-index:100}.fix-sticky thead{background:#fff}.fix-sticky thead th,.fix-sticky thead th:first-child{border-left:0;border-right:0;border-bottom:1px solid #eee;border-radius:0}.skin-blue .main-header .logo{background-color:inherit}.main-header .logo{width:100%!important;white-space:nowrap;text-align:left;display:block;clear:both}.huge{font-size:40px}.btn-file{position:relative;overflow:hidden}.dropdown-menu>li>a{color:#354044}#sort tr.cansort{border-radius:2px;padding:10px;background:#f4f4f4;margin-bottom:3px;border-left:2px solid #e6e7e8;color:#444;cursor:move}.user-image-inline{float:left;width:25px;height:25px;border-radius:50%;margin-right:10px}.input-group .input-group-addon{background-color:#f4f4f4}a.accordion-header{color:#333}.dynamic-form-row{padding:10px;margin:20px}.handle{padding-left:10px}.btn-file input[type=file]{position:absolute;top:0;right:0;min-width:100%;min-height:100%;font-size:100px;text-align:right;opacity:0;outline:0;background:#fff;cursor:inherit;display:block}.main-footer{font-size:13px}.main-header{max-height:150px}.navbar-nav>.user-menu>.dropdown-menu{width:inherit}.main-header .logo{padding:0 5px 0 15px}.sidebar-toggle{margin-left:-48px;z-index:100;background-color:inherit}.sidebar-toggle-mobile{z-index:100;width:50px;padding-top:10px}.main-header .sidebar-toggle:before{content:"\F0C9"}.direct-chat-contacts{padding:10px;height:150px}.select2-container{width:100%}.error input{color:#dd4b39;border:2px solid #dd4b39!important}.alert-msg,.error label{color:#dd4b39;display:block}.input-group[class*=col-]{padding-right:15px;padding-left:15px}.control-label.multiline{padding-top:10px}.btn-outline{color:inherit;background-color:transparent;-webkit-transition:all .5s;transition:all .5s}.btn-primary.btn-outline{color:#428bca}.btn-success.btn-outline{color:#5cb85c}.btn-info.btn-outline{color:#5bc0de}.btn-warning.btn-outline{color:#f0ad4e}.btn-danger.btn-outline{color:#d9534f}.btn-danger.btn-outline:hover,.btn-info.btn-outline:hover,.btn-primary.btn-outline:hover,.btn-success.btn-outline:hover,.btn-warning.btn-outline:hover{color:#fff}.slideout-menu{position:fixed;top:0;right:-250px;width:250px;height:100%;background:#333;z-index:100;margin-top:100px;color:#fff;padding:10px}.slideout-menu h3{position:relative;padding:5px;color:#fff;font-size:1.2em;font-weight:400;border-bottom:4px solid #222}.slideout-menu .slideout-menu-toggle{position:absolute;top:12px;right:10px;display:inline-block;padding:6px 9px 5px;font-family:Arial,sans-serif;font-weight:700;line-height:1;background:#222;color:#999;text-decoration:none;vertical-align:top}.slideout-menu .slideout-menu-toggle:hover{color:#fff}.slideout-menu ul{list-style:none;font-weight:300;border-top:1px solid #151515;border-bottom:1px solid #454545}.slideout-menu ul li{border-top:1px solid #454545;border-bottom:1px solid #151515}.slideout-menu ul li a{position:relative;display:block;padding:10px;color:#999;text-decoration:none}.slideout-menu ul li a:hover{background:#000;color:#fff}.slideout-menu ul li a i{position:absolute;top:15px;right:10px;opacity:.5}.btn-box-tool-lg{font-size:16px;color:orange}.bs-wizard{margin-top:20px;border-bottom:1px solid #e0e0e0;padding:0 0 10px}.bs-wizard>.bs-wizard-step{padding:0;position:relative}.bs-wizard>.bs-wizard-step .bs-wizard-stepnum{color:#595959;font-size:16px;margin-bottom:5px}.bs-wizard>.bs-wizard-step .bs-wizard-info{color:#999;font-size:14px}.bs-wizard>.bs-wizard-step>.bs-wizard-dot{position:absolute;width:30px;height:30px;display:block;background:#fbe8aa;top:45px;left:50%;margin-top:-15px;margin-left:-15px;border-radius:50%}.bs-wizard>.bs-wizard-step>.bs-wizard-dot:after{content:" ";width:14px;height:14px;background:#fbbd19;border-radius:50px;position:absolute;top:8px;left:8px}.bs-wizard>.bs-wizard-step>.progress{position:relative;border-radius:0;height:8px;-webkit-box-shadow:none;box-shadow:none;margin:20px 0}.bs-wizard>.bs-wizard-step>.progress>.progress-bar{width:0;-webkit-box-shadow:none;box-shadow:none;background:#fbe8aa}.bs-wizard>.bs-wizard-step.complete>.progress>.progress-bar{width:100%}.bs-wizard>.bs-wizard-step.active>.progress>.progress-bar{width:50%}.bs-wizard>.bs-wizard-step:first-child.active>.progress>.progress-bar{width:0}.bs-wizard>.bs-wizard-step:last-child.active>.progress>.progress-bar{width:100%}.bs-wizard>.bs-wizard-step.disabled>.bs-wizard-dot{background-color:#f5f5f5}.bs-wizard>.bs-wizard-step.disabled>.bs-wizard-dot:after{opacity:0}.bs-wizard>.bs-wizard-step:first-child>.progress{left:50%;width:50%}.bs-wizard>.bs-wizard-step:last-child>.progress{width:50%}.bs-wizard>.bs-wizard-step.disabled a.bs-wizard-dot{pointer-events:none}.left-navblock{display:inline-block;float:left;text-align:left;color:#fff;padding:0}.skin-blue .main-header .navbar .dropdown-menu li a{color:#333}a.logo.no-hover a:hover{background-color:transparent}.required{border-right:6px solid orange}body{font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Oxygen,Ubuntu,Cantarell,Fira Sans,Droid Sans,Helvetica Neue,sans-serif;font-size:13px}.sidebar-menu{font-size:14px;white-space:normal}@media print{a[href]:after{content:none}.tab-content>.tab-pane{display:block!important;opacity:1!important;visibility:visible!important}}.navbar-brand>img,img.navbar-brand-img{float:left;padding:5px 5px 5px 0;max-height:50px}.input-daterange{border-radius:0}.btn.bg-maroon,.btn.bg-purple{min-width:90px}[hidden]{display:none!important}#toolbar{margin-top:10px}#uploadPreview{border:1px solid grey}.icon-med{font-size:20px;color:#889195}#login-logo{padding-top:20px;padding-bottom:10px;max-width:200px}
  • public/js/build/all.js+8044 26 modified
  • public/js/build/vue.js+1 1 modified
  • public/js/build/vue.js.map+1 1 modified
  • public/js/dist/all.js+26 26 modified
  • public/mix-manifest.json+5 5 modified
    @@ -1,14 +1,14 @@
 {
-    "/js/build/vue.js": "/js/build/vue.js?id=af0a53aa1b89d0e19039",
+    "/js/build/vue.js": "/js/build/vue.js?id=96f90510b797ac27a94b",
     "/css/AdminLTE.css": "/css/AdminLTE.css?id=5e72463a66acbcc740d5",
     "/css/app.css": "/css/app.css?id=407edb63cc6b6dc62405",
     "/css/overrides.css": "/css/overrides.css?id=2d81c3704393bac77011",
-    "/js/build/vue.js.map": "/js/build/vue.js.map?id=79fce5e6515d8a4cc760",
+    "/js/build/vue.js.map": "/js/build/vue.js.map?id=423f16f63b86abd6b196",
     "/css/AdminLTE.css.map": "/css/AdminLTE.css.map?id=0be7790b84909dca6a0a",
     "/css/app.css.map": "/css/app.css.map?id=96b5c985e860716e6a16",
     "/css/overrides.css.map": "/css/overrides.css.map?id=f7ce9ca49027594ac402",
     "/css/dist/all.css": "/css/dist/all.css?id=98db4e9b7650453c8b00",
-    "/js/dist/all.js": "/js/dist/all.js?id=a3a656ed6316d4c4efe7",
+    "/js/dist/all.js": "/js/dist/all.js?id=114f1025a1b3e8975476",
     "/css/build/all.css": "/css/build/all.css?id=98db4e9b7650453c8b00",
-    "/js/build/all.js": "/js/build/all.js?id=a3a656ed6316d4c4efe7"
-}
\ No newline at end of file
+    "/js/build/all.js": "/js/build/all.js?id=114f1025a1b3e8975476"
+}
  • resources/assets/js/components/importer/importer-file.vue+1 3 modified
    @@ -40,9 +40,8 @@ tr {
                 </div>
                 </div>
             </div>
-            <div class="alert col-md-12"
+            <div class="alert col-md-12" style="text-align:left"
                  :class="alertClass"
-                 style="text-align:left"
                  v-if="statusText">
                 {{ this.statusText }}
             </div>
@@ -84,7 +83,6 @@ tr {
 
                 <div class="alert col-md-12" style="padding-top: 20px;"
                      :class="alertClass"
-                     style="text-align:left"
                      v-if="statusText">
                     {{ this.statusText }}
                 </div>
  • resources/assets/js/snipeit.js+12 1 modified
    @@ -260,7 +260,18 @@ $(document).ready(function () {
     }
 
     function formatDataSelection (datalist) {
-        return datalist.text;
+        // This a heinous workaround for a known bug in Select2.
+        // Without this, the rich selectlists are vulnerable to XSS.
+        // Many thanks to @uberbrady for this fix. It ain't pretty,
+        // but it resolves the issue until Select2 addresses it on their end.
+        //
+        // Bug was reported in 2016 :{
+        // https://github.com/select2/select2/issues/4587
+
+        return datalist.text.replace(/>/g, '&gt;')
+            .replace(/</g, '&lt;')
+            .replace(/"/g, '&quot;')
+            .replace(/'/g, '&#039;');
     }
 
     // This handles the radio button selectors for the checkout-to-foo options

Vulnerability mechanics

Root cause

"Improper neutralization of input in Select2's rich selectlists allows for cross-site scripting."

Attack vector

An attacker can exploit this vulnerability when the Select2 component is used with Ajax remote data loading and HTML templates are employed to render listbox data. By injecting malicious HTML or script content into the data loaded via Ajax, an attacker can execute arbitrary JavaScript in the context of a victim's browser. This occurs because the component does not properly escape or neutralize the input before rendering it within the web page. [CWE-79]

Affected code

The vulnerability resides in the Select2 library's handling of rich selectlists, specifically when used with Ajax data loading and custom HTML templates. The `formatDataSelection` function within `public/js/build/all.js` is the primary location where the input is processed before rendering. The commit `dee92cfc6c016986b341c57ed06f3d65e9d18d43` targets this function to implement the fix. [patch_id=4410223]

What the fix does

The patch addresses the vulnerability by modifying the `formatDataSelection` function in `public/js/build/all.js`. This function now escapes special HTML characters like `>`, `<`, `

Preconditions

  • inputThe application must use Select2 with Ajax remote data loading and HTML templates for rendering listbox data.

Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

News mentions

0

No linked articles in our index yet.