Lucene search
GoogleOSV:GHSA-7528-7JG5-6G62HistoryJan 27, 2022 - 3:09 p.m.
Cross-site Scripting Vulnerability in CodeIgniter4
2022-01-2715:09:00
Google
osv.dev
51
0.001 Low
EPSS
Percentile
35.4%
Impact
Cross-Site Scripting (XSS) vulnerability was found in API\ResponseTrait in Codeigniter4.
Attackers can do XSS attacks if you are using API\ResponseTrait.
Patches
Upgrade to v4.1.8 or later.
Workarounds
Do one of the following:
- Do not use
API\ResponseTraitnorResourceController - Disable Auto Route and Use Defined Routes Only
References
For more information
If you have any questions or comments about this advisory:
- Open an issue in codeigniter4/CodeIgniter4
- Email us at SECURITY.md
References
codeigniter4.github.io/userguide/incoming/routing.html#use-defined-routes-only
github.com/codeigniter4/CodeIgniter4/commit/70d881cf5322b7c32e69516aebd2273ac6a1e8dd
github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-7528-7jg5-6g62
github.com/codeigniter4/framework
github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-21715.yaml
nvd.nist.gov/vuln/detail/CVE-2022-21715
Related
osv
osv
CVE-2022-21715
2022-01-24 20:15:08
BIT-codeigniter-2022-21715
2024-03-06 10:54:26
github
github
Cross-site Scripting Vulnerability in CodeIgniter4
2022-01-27 15:09:00
veracode
veracode
Cross-site Scripting (XSS)
2022-01-25 05:08:03
prion
prion
Cross site scripting
2022-01-24 20:15:00
cvelist
cvelist
CVE-2022-21715 Cross-site Scripting Vulnerability in CodeIgniter4
2022-01-24 19:55:10
nvd
nvd
CVE-2022-21715
2022-01-24 20:15:08
friendsofphp
friendsofphp
CVE-2022-21715: XSS Vulnerability in API\ResponseTrait in CodeIgniter4
2022-01-24 17:41:56
cve
cve
CVE-2022-21715
2022-01-24 20:15:08