CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-21715 – Cross-site Scripting Vulnerability in CodeIgniter4
https://notcve.org/view.php?id=CVE-2022-21715
24 Jan 2022 — CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using `API\ResponseTrait`. Version 4.1.8 contains a patch for this vulnerability. There are two potential workarounds available. • https://codeigniter4.github.io/userguide/incoming/routing.html#use-defined-routes-only • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2022-21647 – Deserialization of Untrusted Data in Codeigniter4
https://notcve.org/view.php?id=CVE-2022-21647
04 Jan 2022 — CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was found in the `old()` function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL injection. Users are advised to upgrade to v4.1.6 or later. • https://github.com/codeigniter4/CodeIgniter4/commit/ce95ed5765256e2f09f3513e7d42790e0d6948f5 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40975
https://notcve.org/view.php?id=CVE-2021-40975
01 Oct 2021 — Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo application/modules/admin/views/ecommerce/products.php en Ecommerce-CodeIgniter-Bootstrap (Codeigniter versión 3.1.11, Bootstrap versión 3.3.7) permiten a atacantes remotos inye... • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/blob/c546a716ba56e8e33b3a5def1c18a6d89c3608f5/application/modules/admin/views/ecommerce/products.php#L37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25086
https://notcve.org/view.php?id=CVE-2020-25086
03 Sep 2020 — Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/adminUsers.php. Ecommerce-CodeIgniter-Bootstrap antes del 03-08-2020, permite un ataque de tipo XSS en el archivo application/modules/admin/views/advanced_settings/adminUsers.php • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/7c3c32d6526268b1c78d6d5741361e79292e9c22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25087
https://notcve.org/view.php?id=CVE-2020-25087
03 Sep 2020 — Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/languages.php. Ecommerce-CodeIgniter-Bootstrap antes del 03-08-2020, permite un ataque de tipo XSS en el archivo application/modules/admin/views/advanced_settings/languages.php • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/7c3c32d6526268b1c78d6d5741361e79292e9c22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25088
https://notcve.org/view.php?id=CVE-2020-25088
03 Sep 2020 — Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog/blogpublish.php. Ecommerce-CodeIgniter-Bootstrap antes del 03-08-2020, permite un ataque de tipo XSS en el archivo application/modules/admin/views/blog/blogpublish.php • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/7c3c32d6526268b1c78d6d5741361e79292e9c22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25089
https://notcve.org/view.php?id=CVE-2020-25089
03 Sep 2020 — Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/discounts.php. Ecommerce-CodeIgniter-Bootstrap antes del 03-08-2020, permite un ataque de tipo XSS en el archivo application/modules/admin/views/ecommerce/discounts.php • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/7c3c32d6526268b1c78d6d5741361e79292e9c22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25090
https://notcve.org/view.php?id=CVE-2020-25090
03 Sep 2020 — Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php. Ecommerce-CodeIgniter-Bootstrap antes del 03-08-2020, permite un ataque de tipo XSS en el archivo application/modules/admin/views/ecommerce/publish.php • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/7c3c32d6526268b1c78d6d5741361e79292e9c22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25091
https://notcve.org/view.php?id=CVE-2020-25091
03 Sep 2020 — Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add_product.php. Ecommerce-CodeIgniter-Bootstrap antes del 03-08-2020, permite un ataque de tipo XSS en el archivo application/modules/vendor/views/add_product.php • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/7c3c32d6526268b1c78d6d5741361e79292e9c22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25092
https://notcve.org/view.php?id=CVE-2020-25092
03 Sep 2020 — Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel. Ecommerce-CodeIgniter-Bootstrap antes del 03-08-2020, permite un ataque de tipo XSS en el archivo _parts/header.php, dentro de application/views/templates/clothesshop, application/views/templates/greenlabel, y application/views/templates/redlabel • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/7c3c32d6526268b1c78d6d5741361e79292e9c22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •