WS-2017-0264 | Mend Vulnerability Database

Vulnerability DatabaseWS-2017-0264

WS-2017-0264

Published:May 14, 2026

Updated:May 14, 2026

In Semantic-UI when using a dropdown and allowing users to type their own additions to a multi select, I am getting an error if the user types in \\ at the end of the text. This appears to be allowing the user to escape outside of the selector and can be used in XSS attacks.

Affected Packages

semantic-ui (CDN_JS):

Affected version(s) >=0.18.0 <2.2.8

Fix Suggestion:

Update to version 2.2.8

semantic-ui (NPM):

Affected version(s) >=0.18.0 <2.2.8

Fix Suggestion:

Update to version 2.2.8

themelogy/selcuklu-theme (PHP):

Affected version(s) >=dev-master <=1.0.0

Fix Suggestion:

Update to version no_fix

sabre/katana (PHP):

Affected version(s) >=0.2.0 <=0.4.2

Fix Suggestion:

Update to version no_fix

semantic/ui (PHP):

Affected version(s) >=dev-search-selection <dev-transition-interval-fix

Fix Suggestion:

Update to version dev-transition-interval-fix

themelogy/sonax-theme (PHP):

Affected version(s) >=dev-master <=1.0.8

Fix Suggestion:

Update to version no_fix

semantic/ui (PHP):

Affected version(s) =dev-purify <dev-resize-obs

Fix Suggestion:

Update to version dev-resize-obs

themelogy/carwash-theme (PHP):

Affected version(s) >=dev-master <1.0.1

Fix Suggestion:

Update to version 1.0.1

societycms/theme-societyadmin (PHP):

Affected version(s) >=dev-dante <=dev-master

Fix Suggestion:

Update to version no_fix

king23/skeleton-with-semantic (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

neonbug/meexo-common (PHP):

Affected version(s) =dev-master <0.0.1

Fix Suggestion:

Update to version 0.0.1

themelogy/saygili-theme (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

jpass/theme-bundle (PHP):

Affected version(s) =v0.1

Fix Suggestion:

Update to version no_fix

ensphere/authentication (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

sabre/katana (PHP):

Affected version(s) >=dev-Hywan-composer <0.1.0

Fix Suggestion:

Update to version 0.1.0

sagsoz06/adminlte-theme (PHP):

Affected version(s) >=dev-master <=2.1.9

Fix Suggestion:

Update to version no_fix

semantic/ui (PHP):

Affected version(s) =dev-es6-sourcemaps <dev-hammy2899-fa5

Fix Suggestion:

Update to version dev-hammy2899-fa5

themelogy/carwash-theme (PHP):

Affected version(s) =1.0.2

Fix Suggestion:

Update to version no_fix

mariocoski/laravel-blogger (PHP):

Affected version(s) >=dev-dev <v.0.1.0

Fix Suggestion:

Update to version v.0.1.0

neonbug/meexo-common (PHP):

Affected version(s) >=0.0.3 <0.4.7

Fix Suggestion:

Update to version 0.4.7

mariocoski/laravel-blogger (PHP):

Affected version(s) >=v0.1.2 <dev-dependabot/composer/erusev/parsedown-1.8.0-beta-7

Fix Suggestion:

Update to version dev-dependabot/composer/erusev/parsedown-1.8.0-beta-7

Related Resources (1)

https://github.com/Semantic-Org/Semantic-UI/issues/4962

Do you need more information?

CVSS v4

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

LOW

Subsequent System Integrity

LOW

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE