13 results (0.013 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3

A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. This affects an unknown part. The manipulation of the argument search_title/catName/sub/name/categorie leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/1b3da45308bb6c3f55247d0e99620b600bd85277 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/263 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/263#issuecomment-2199387443 https://vuldb.com/?ctiid.270369 https://vuldb.com/?id.270369 https://vuldb.com/?submit.368472 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php. Vulnerabilidad de cross site scripting (XSS) en Ecommerce-CodeIgniter-Bootstrap a través del commit d5904379ca55014c5df34c67deda982c73dc7fe5 (el 27 de diciembre de 2022), permite a atacantes ejecutar código arbitrario a través de los idiomas y los parámetros trans_load en el archivo add_product.php. • https://gist.github.com/enferas/8a836008e9f635a2f80d09c9a8b5a533 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/d5904379ca55014c5df34c67deda982c73dc7fe5 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/242 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php. Se ha detectado que Ecommerce-CodeIgniter-Bootstrap versiones anteriores al commit 56465f, contenía una vulnerabilidad de tipo cross-site scripting (XSS) por medio de la función base_url() en el archivo /blog/blogpublish.php. • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/56465fb6a83aaa934a76615a8579100938b790a1 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php. Se ha detectado que Bootstrap versiones v3.1.11 y v3.3.7, contienen una vulnerabilidad de tipo cross-site scripting (XSS) por medio del parámetro Title en el archivo /vendor/views/add_product.php • https://drive.google.com/file/d/1Dp0dD9PNcwamjRi0ldD0hUOEivu48SR6/view?usp=sharing https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/blob/master/application/modules/vendor/views/add_product.php#L35 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo application/modules/admin/views/ecommerce/products.php en Ecommerce-CodeIgniter-Bootstrap (Codeigniter versión 3.1.11, Bootstrap versión 3.3.7) permiten a atacantes remotos inyectar scripts web o HTML arbitrarios por medio del parámetro search_title • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/blob/c546a716ba56e8e33b3a5def1c18a6d89c3608f5/application/modules/admin/views/ecommerce/products.php#L37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •