CVE-2022-35213

Опубликовано: 18 авг. 2022

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php.

Ссылки

https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/56465fb6a83aaa934a76615a8579100938b790a1
Patch
Third Party Advisory
https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/219
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/56465fb6a83aaa934a76615a8579100938b790a1
Patch
Third Party Advisory
https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/219
Exploit
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ecommerce-codeigniter-bootstrap_project:ecommerce-codeigniter-bootstrap:*:*:*:*:*:*:*:*

Версия до 2021-08-21 (исключая)

EPSS

Процентиль: 44%

0.00218

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-fr5g-c625-crc8