Описание
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in API\ResponseTrait in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a patch for this vulnerability. There are two potential workarounds available. Users may avoid using API\ResponseTrait or ResourceController Users may also disable Auto Route and use defined routes only.
Ссылки
- MitigationVendor Advisory
- PatchThird Party Advisory
- MitigationThird Party Advisory
- MitigationVendor Advisory
- PatchThird Party Advisory
- MitigationThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.0.0 (включая) до 4.1.8 (исключая)
cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00621
Низкий
5.4 Medium
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
debian
около 4 лет назад
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web fr ...
CVSS3: 5.4
github
около 4 лет назад
Cross-site Scripting Vulnerability in CodeIgniter4
EPSS
Процентиль: 70%
0.00621
Низкий
5.4 Medium
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79