CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2012-1915 – CodeIgniter 2.1 - 'xss_clean()' Filter Security Bypass
https://notcve.org/view.php?id=CVE-2012-1915
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks. EllisLab CodeIgniter versión 2.1.2, permite a atacantes remotos omitir el Filtro xss_clean() y llevar a cabo ataques de tipo XSS. CodeIgniter version 2.1.1 suffers from a cross site scripting filter bypass vulnerability. • https://www.exploit-db.com/exploits/37521 http://www.securityfocus.com/bid/54620 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3709
https://notcve.org/view.php?id=CVE-2007-3709
CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header. Vulnerabilidad de inyección de retornos de carro y saltos de línea el la función redirección en url_helper.php de CodeIgniter 1.5.3 permite a atacantes remotos inyectar cabeceras HTML de su elección mediante secuencias CRLF en un parámetro no especificado, como se demuestra con una cabecera Set-Cookie. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064500.html http://osvdb.org/39370 http://securityreason.com/securityalert/2877 http://www.securityfocus.com/archive/1/473190/100/0/threaded •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3708
https://notcve.org/view.php?id=CVE-2007-3708
Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en CodeIgniter 1.5.3 anterior a 20070626 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) String.fromCharCode y (2) manipulaciones de etiquetas anidadas malformadas en un componente no especificado, relacionado con un insuficiente limpieza por parte de la función xss_clean. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064500.html http://osvdb.org/37907 http://secunia.com/advisories/25991 http://securityreason.com/securityalert/2877 http://www.securityfocus.com/archive/1/473190/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/35350 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3707
https://notcve.org/view.php?id=CVE-2007-3707
Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 before 20070628, when enable_query_strings is true, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter. Vulnerabilidad de salto de directorio en index.php en CodeIgniter 1.5.3 anterior a 20070628, cuando enable_query_strings tiene el valor verdadero, permite a atacantes remotos leer archivos de su elección a través de la secuencia .. (punto punto) en el parámetro c. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064500.html http://osvdb.org/37906 http://secunia.com/advisories/25991 http://securityreason.com/securityalert/2877 http://www.securityfocus.com/archive/1/473190/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/35348 •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3706
https://notcve.org/view.php?id=CVE-2007-3706
The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie. La función _sanitize_globals en CodeIgniter 1.5.3 anterior a 20070628 permite a atacantes remotos desasignar variables globales de su elección con impacto desconocido, como se demostró con la cookie _SERVER. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064500.html http://osvdb.org/37905 http://secunia.com/advisories/25991 http://securityreason.com/securityalert/2877 http://www.securityfocus.com/archive/1/473190/100/0/threaded •