CVE-2022-35213
https://notcve.org/view.php?id=CVE-2022-35213
Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php. Se ha detectado que Ecommerce-CodeIgniter-Bootstrap versiones anteriores al commit 56465f, contenía una vulnerabilidad de tipo cross-site scripting (XSS) por medio de la función base_url() en el archivo /blog/blogpublish.php. • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/56465fb6a83aaa934a76615a8579100938b790a1 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-1726 – Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in wenzhixin/bootstrap-table
https://notcve.org/view.php?id=CVE-2022-1726
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties. Una vulnerabilidad de tipo XSS en Bootstrap Tables con el plugin Table Export cuando exportOptions: htmlContent es true en el repositorio de GitHub wenzhixin/bootstrap-table versiones anteriores a 1.20.2. Divulgación de cookies de sesión, divulgación de datos de sesión seguros, exfiltración de datos a terceros • https://github.com/wenzhixin/bootstrap-table/commit/b4a1e5dd332be652e0bc376fd9256886cf4bbde9 https://huntr.dev/bounties/9b85cc33-0395-4c31-8a42-3a94beb2efea • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-26624
https://notcve.org/view.php?id=CVE-2022-26624
Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php. Se ha detectado que Bootstrap versiones v3.1.11 y v3.3.7, contienen una vulnerabilidad de tipo cross-site scripting (XSS) por medio del parámetro Title en el archivo /vendor/views/add_product.php • https://drive.google.com/file/d/1Dp0dD9PNcwamjRi0ldD0hUOEivu48SR6/view?usp=sharing https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/blob/master/application/modules/vendor/views/add_product.php#L35 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-23472 – Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-23472
This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array (instead of a string) even if the escape attribute is set. Esto afecta a las versiones anteriores a la 1.19.1 del paquete bootstrap-table. Una vulnerabilidad de confusión de tipos puede llevar a una evasión de la sanitización de la entrada cuando la entrada proporcionada a la función escapeHTML es un array (en lugar de una cadena) incluso si el atributo escape está establecido • https://github.com/wenzhixin/bootstrap-table/blob/develop/src/utils/index.js%23L218 https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1910690 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1910689 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBWENZHIXIN-1910687 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910688 https://snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2021-40975
https://notcve.org/view.php?id=CVE-2021-40975
Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo application/modules/admin/views/ecommerce/products.php en Ecommerce-CodeIgniter-Bootstrap (Codeigniter versión 3.1.11, Bootstrap versión 3.3.7) permiten a atacantes remotos inyectar scripts web o HTML arbitrarios por medio del parámetro search_title • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/blob/c546a716ba56e8e33b3a5def1c18a6d89c3608f5/application/modules/admin/views/ecommerce/products.php#L37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •