CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2024-6526 – CodeIgniter Ecommerce-CodeIgniter-Bootstrap cross site scripting
https://notcve.org/view.php?id=CVE-2024-6526
A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. This affects an unknown part. The manipulation of the argument search_title/catName/sub/name/categorie leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/1b3da45308bb6c3f55247d0e99620b600bd85277 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/263 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/263#issuecomment-2199387443 https://vuldb.com/?ctiid.270369 https://vuldb.com/?id.270369 https://vuldb.com/?submit.368472 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2023-23010
https://notcve.org/view.php?id=CVE-2023-23010
Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php. Vulnerabilidad de cross site scripting (XSS) en Ecommerce-CodeIgniter-Bootstrap a través del commit d5904379ca55014c5df34c67deda982c73dc7fe5 (el 27 de diciembre de 2022), permite a atacantes ejecutar código arbitrario a través de los idiomas y los parámetros trans_load en el archivo add_product.php. • https://gist.github.com/enferas/8a836008e9f635a2f80d09c9a8b5a533 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/d5904379ca55014c5df34c67deda982c73dc7fe5 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/242 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35213
https://notcve.org/view.php?id=CVE-2022-35213
Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php. Se ha detectado que Ecommerce-CodeIgniter-Bootstrap versiones anteriores al commit 56465f, contenía una vulnerabilidad de tipo cross-site scripting (XSS) por medio de la función base_url() en el archivo /blog/blogpublish.php. • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/56465fb6a83aaa934a76615a8579100938b790a1 https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25086
https://notcve.org/view.php?id=CVE-2020-25086
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/adminUsers.php. Ecommerce-CodeIgniter-Bootstrap antes del 03-08-2020, permite un ataque de tipo XSS en el archivo application/modules/admin/views/advanced_settings/adminUsers.php • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/7c3c32d6526268b1c78d6d5741361e79292e9c22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25087
https://notcve.org/view.php?id=CVE-2020-25087
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/advanced_settings/languages.php. Ecommerce-CodeIgniter-Bootstrap antes del 03-08-2020, permite un ataque de tipo XSS en el archivo application/modules/admin/views/advanced_settings/languages.php • https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/7c3c32d6526268b1c78d6d5741361e79292e9c22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •