Lucene search
PRIOn knowledge basePRION:CVE-2022-21715HistoryJan 24, 2022 - 8:15 p.m.
Cross site scripting
2022-01-2420:15:00
PRIOn knowledge base
www.prio-n.com
6
0.001 Low
EPSS
Percentile
35.4%
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in API\ResponseTrait in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a patch for this vulnerability. There are two potential workarounds available. Users may avoid using API\ResponseTrait or ResourceController Users may also disable Auto Route and use defined routes only.
| CPE | Name | Operator | Version |
|---|---|---|---|
| codeigniter | ge | 4.0.0 | |
| codeigniter | lt | 4.1.8 |
Related
osv
osv
CVE-2022-21715
2022-01-24 20:15:08
BIT-codeigniter-2022-21715
2024-03-06 10:54:26
Cross-site Scripting Vulnerability in CodeIgniter4
2022-01-27 15:09:00
github
github
Cross-site Scripting Vulnerability in CodeIgniter4
2022-01-27 15:09:00
cvelist
cvelist
CVE-2022-21715 Cross-site Scripting Vulnerability in CodeIgniter4
2022-01-24 19:55:10
nvd
nvd
CVE-2022-21715
2022-01-24 20:15:08
friendsofphp
friendsofphp
CVE-2022-21715: XSS Vulnerability in API\ResponseTrait in CodeIgniter4
2022-01-24 17:41:56
veracode
veracode
Cross-site Scripting (XSS)
2022-01-25 05:08:03
cve
cve
CVE-2022-21715
2022-01-24 20:15:08