Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-21715

Опубликовано: 24 янв. 2022
Источник: debian

Описание

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using `API\ResponseTrait`. Version 4.1.8 contains a patch for this vulnerability. There are two potential workarounds available. Users may avoid using `API\ResponseTrait` or `ResourceController` Users may also disable Auto Route and use defined routes only.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
codeigniteritppackage

Связанные уязвимости

nvd логотип

CVE-2022-21715

CVSS3: 5.4
nvd
около 4 лет назад

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in `API\ResponseTrait` in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using `API\ResponseTrait`. Version 4.1.8 contains a patch for this vulnerability. There are two potential workarounds available. Users may avoid using `API\ResponseTrait` or `ResourceController` Users may also disable Auto Route and use defined routes only.

github логотип

GHSA-7528-7jg5-6g62

CVSS3: 5.4
github
около 4 лет назад

Cross-site Scripting Vulnerability in CodeIgniter4