CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25092
https://notcve.org/view.php?id=CVE-2020-25092
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts/header.php, within application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel. Ecommerce-CodeIgniter-Bootstrap antes del 03-08-2020, permite un ataque de tipo XSS en el archivo _parts/header.php, dentro de application/views/templates/clothesshop, application/views/templates/greenlabel, y application/views/templates/redlabel • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/7c3c32d6526268b1c78d6d5741361e79292e9c22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25093
https://notcve.org/view.php?id=CVE-2020-25093
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php. within application/views/templates/clothesshop, application/views/templates/onepage, and application/views/templates/redlabel. Ecommerce-CodeIgniter-Bootstrap antes del 03-08-2020, permite un ataque de tipo XSS en el archivo blog.php. dentro application/views/templates/clothesshop, application/views/templates/onepage, y application/views/templates/redlabel • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/7c3c32d6526268b1c78d6d5741361e79292e9c22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10215 – bootstrap3-typeahead.js: Cross-site scripting via highlighter() function
https://notcve.org/view.php?id=CVE-2019-10215
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser. Bootstrap-3-Typeahead posterior a la versión 4.0.2, es vulnerable a un fallo de tipo cross-site scripting en la función highlighter(). Un atacante podría explotar esto mediante la interacción del usuario para ejecutar código en el navegador del usuario. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html https://access.redhat.com/errata/RHSA-2019:3771 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10215 https://access.redhat.com/security/cve/CVE-2019-10215 https://bugzilla.redhat.com/show_bug.cgi?id=1735506 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •