995 matches found

OSV
added 2022/10/06 12:00 a.m. · 29 views

CVE-2022-39284 Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued in Codeigniter4

CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7, setting the $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result, cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...

CVSS 2.6 · AI score 4.8 · EPSS 0.00825
Exploits: 1 · References: 8

CNNVD
added 2022/10/06 12:00 a.m. · 3 views

CodeIgniter security vulnerability

CodeIgniter is an open source web framework written in the PHP language. A security vulnerability exists in CodeIgniter versions prior to 4.2.7: the Secure/HttpOnly cookie configuration is not honoured, causing cookie values to be exposed to scripts...

CVSS 4.3 · AI score 5.1 · EPSS 0.00825
Exploits: 1 · References: 7

Positive Technologies
added 2022/10/06 12:00 a.m. · 2 views

PT-2022-24868 · Unknown · Codeigniter

Name of the Vulnerable Software and Affected Versions: CodeIgniter versions prior to 4.2.7. Description: The issue arises because setting the $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie, resulting in cookie values being erroneously exposed to...

CVSS 4.3 · AI score 4.3 · EPSS 0.00825
Exploits: 1 · References: 15

CVE
added 2022/10/06 12:00 a.m. · 80 views

CVE-2022-39284

CodeIgniter 4 prior to v4.2.7 has a cookie handling bug where setting secure or HttpOnly (Config\Cookie) is not reflected in set_cookie() or Response::setCookie(), causing cookie values to be exposed to scripts. The vulnerability is limited to non-session cookies and does not affect sessions. Aff...

CVSS 4.3 · AI score 4.3 · EPSS 0.00825
Exploits: 1 · References: 6 · Affected Software: 1
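A practical check for the class of bug in CVE-2022-39284, added here as an example and not code from CodeIgniter or from any of the advisories above: rather than trusting the value in Config\Cookie, inspect the Set-Cookie headers the application actually emits and report every cookie that lacks Secure, HttpOnly or a Lax/Strict SameSite attribute. The HTTP response below is constructed for illustration and the cookie names are assumptions; it mirrors the advisory's note that the session cookie is unaffected while non-session cookies are the ones exposed.

```python
"""Audit Set-Cookie headers for missing Secure / HttpOnly / SameSite attributes.

Added example, not code from CodeIgniter or from any advisory on this page.
The sample response below is constructed; cookie names are assumptions.
"""
from typing import Dict, List, Tuple

# Constructed HTTP response: the session cookie carries the expected flags,
# the two application cookies do not (the CVE-2022-39284 failure pattern).
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: ci_session=0123456789abcdef; Path=/; Secure; HttpOnly; SameSite=Lax
Set-Cookie: remember_me=deadbeef; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/
Set-Cookie: theme=dark; Path=/; SameSite=Lax
"""


def parse_set_cookie(header_value: str) -> Tuple[str, Dict[str, str]]:
    """Split one Set-Cookie value into (cookie name, {attribute: value}).

    Attribute names are lower-cased; value-less flags such as Secure map to "".
    Splitting on ';' is safe because RFC 6265 forbids ';' inside cookie and
    attribute values (the comma in an Expires date is not a separator).
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookie(header_value: str, require_samesite: bool = True) -> Tuple[str, List[str]]:
    """Return (cookie name, list of missing protections) for one Set-Cookie header."""
    name, attrs = parse_set_cookie(header_value)
    missing: List[str] = []
    if "secure" not in attrs:
        missing.append("Secure")
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    if require_samesite and attrs.get("samesite", "").lower() not in ("lax", "strict"):
        missing.append("SameSite=Lax|Strict")
    return name, missing


def audit_response(raw_response: str) -> Dict[str, List[str]]:
    """Map every cookie set by a raw HTTP response to its missing protections."""
    findings: Dict[str, List[str]] = {}
    for line in raw_response.splitlines():
        header, sep, value = line.partition(":")
        if sep and header.strip().lower() == "set-cookie":
            name, missing = audit_cookie(value.strip())
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for cookie, missing in audit_response(SAMPLE_RESPONSE).items():
        status = "ok" if not missing else "missing " + ", ".join(missing)
        print(f"{cookie}: {status}")
```

Point it at the raw headers of a real login or settings response (for example the output of curl -i) rather than at the framework's config file: the whole point of CVE-2022-39284 is that the configured value and the issued header disagreed, so only the header proves anything. Cookies issued by a reverse proxy or other middleware show up in the same audit.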
0day.today
added 2022/09/23 12:00 a.m. · 197 views

Multix 2.4 Cross Site Request Forgery Vulnerability

Exploit Title: Multix - Multipurpose Website CMS with Codeigniter Cross Site Request Forgery · Exploit Author: th3d1gger · Vendor Homepage: https://codecanyon.net · Software Link: https://codecanyon.net/item/multix-multipurpose-website-cms-with-codeigniter/23537596 · Version: 2.4 · Tested on Ubuntu...

AI score 0.7
Exploits: 0

Packet Storm
added 2022/09/22 12:00 a.m. · 252 views

Multix 2.4 Cross Site Scripting

Exploit Title: Multix - Multipurpose Website CMS with Codeigniter Reflected Cross Site Scripting · Exploit Author: th3d1gger · Vendor Homepage: https://codecanyon.net · Software Link: https://codecanyon.net/item/multix-multipurpose-website-cms-with-codeigniter/23537596 · Version: 2.4 · Tested on...

AI score 7.4
Exploits: 0

Packet Storm
added 2022/09/22 12:00 a.m. · 304 views

Multix 2.4 Cross Site Request Forgery

Exploit Title: Multix - Multipurpose Website CMS with Codeigniter Cross Site Request Forgery · Exploit Author: th3d1gger · Vendor Homepage: https://codecanyon.net · Software Link: https://codecanyon.net/item/multix-multipurpose-website-cms-with-codeigniter/23537596 · Version: 2.4 · Tested on Ubuntu...

AI score 0.8
Exploits: 0
OSV
added 2022/08/18 8:15 p.m. · 23 views

CVE-2022-35213

Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function baseurl at /blog/blogpublish.php...

CVSS 6.1 · AI score 6.2 · EPSS 0.00481
Exploits: 1 · References: 2

NVD
added 2022/08/18 8:15 p.m. · 18 views

CVE-2022-35213

Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function baseurl at /blog/blogpublish.php...

CVSS 6.1 · EPSS 0.00481
Exploits: 1 · References: 2

ATTACKERKB
added 2022/08/18 8:15 p.m. · 1 view

CVE-2022-35213

Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function baseurl at /blog/blogpublish.php...

CVSS 6.1 · AI score 5.7 · EPSS 0.00481
Exploits: 1 · References: 3

Prion
added 2022/08/18 8:15 p.m. · 17 views

Cross site scripting

Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function baseurl at /blog/blogpublish.php...

CVSS 5.8 · AI score 6 · EPSS 0.00481
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2022/08/18 7:30 p.m. · 70 views

CVE-2022-35213

CVE-2022-35213 relates to Ecommerce-CodeIgniter-Bootstrap before commit 56465f, where a cross-site scripting (XSS) flaw exists in the base_url() usage at /blog/blogpublish.php. Versions before that commit are vulnerable; the impact is XSS, which requires user interaction. Remediation: ...

CVSS 6.1 · AI score 6 · EPSS 0.00481
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2022/08/18 7:30 p.m. · 32 views

CVE-2022-35213

Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function baseurl at /blog/blogpublish.php...

AI score 6.2 · EPSS 0.00481
Exploits: 1 · References: 2
OSV
added 2022/08/18 7:30 p.m. · 108 views

GHSA-5HM8-VH6R-2CJQ CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection

Impact: This vulnerability may allow SameSite attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect (e.g., XSS) control over a subdomain site such as https://a.example.com/ of the target site, e.g., ...

CVSS 5.9 · AI score 7 · EPSS 0.00474
Exploits: 1 · References: 7

Github Security Blog
added 2022/08/18 7:30 p.m. · 85 views

CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection

Impact: This vulnerability may allow SameSite attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect (e.g., XSS) control over a subdomain site such as https://a.example.com/ of the target site, e.g., ...

CVSS 8.8 · AI score 8.5 · EPSS 0.00474
Exploits: 1 · References: 7 · Affected Software: 1

CNNVD
added 2022/08/18 12:00 a.m. · 3 views

Ecommerce-CodeIgniter-Bootstrap cross-site scripting vulnerability

Ecommerce-CodeIgniter-Bootstrap is a responsive, multi-vendor, multi-language online store platform and shopping cart solution. A security vulnerability exists in versions of Ecommerce-CodeIgniter-Bootstrap prior to commit 56465f, stemming from the function baseurl in blog/blogpublish.php, which was found to...

CVSS 6.1 · AI score 6.1 · EPSS 0.00481
Exploits: 1 · References: 3

NVD
added 2022/08/12 9:15 p.m. · 42 views

CVE-2022-35943

Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect (e.g., XSS) control over a...

CVSS 8.8 · EPSS 0.00474
Exploits: 1 · References: 4

Prion
added 2022/08/12 9:15 p.m. · 12 views

Authentication flaw

Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect (e.g., XSS) control over a...

CVSS 6.8 · AI score 8.9 · EPSS 0.00474
Exploits: 1 · References: 4 · Affected Software: 2

Vulnrichment
added 2022/08/12 8:55 p.m. · 6 views

CVE-2022-35943 SameSite may allow cross-site request forgery (CSRF) protection to be bypassed

Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect (e.g., XSS) control over a...

CVSS 5.9 · AI score 9.1 · EPSS 0.00474
Exploits: 1 · References: 4

Cvelist
added 2022/08/12 8:55 p.m. · 43 views

CVE-2022-35943 SameSite may allow cross-site request forgery (CSRF) protection to be bypassed

Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect (e.g., XSS) control over a...

CVSS 5.9 · AI score 9.2 · EPSS 0.00474
Exploits: 1 · References: 4
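The attack class behind GHSA-5HM8-VH6R-2CJQ / CVE-2022-35943, as an added simulation and not Shield's or CodeIgniter's own code: a "SameSite attacker" who controls https://a.example.com/ is same-site with the target, so SameSite cookie attributes do not stop them, and they can set cookies scoped to the parent domain example.com (cookie tossing). A CSRF check that only compares the submitted token with a cookie (the "double submit" pattern) then accepts a forged request, because the attacker controls both halves of the comparison; a check that compares the token against the victim's server-side session does not. The advisories above do not describe Shield's check in detail, so the two checks below are generic implementations of the two strategies; the hostnames, the cookie name csrf_cookie_name, the paths and the minimal browser model are assumptions.

```python
"""Cookie tossing from a subdomain against a cookie-only CSRF check.

Added example: a self-contained simulation, not Shield's or CodeIgniter's code.
Hostnames, cookie names, paths and the minimal browser/server models below
are assumptions made for illustration.
"""
import hmac
import secrets
from typing import Dict, List, Optional, Tuple


class Browser:
    """Minimal cookie jar keyed by (domain, path, name).

    A subdomain (a.example.com) may set a cookie with Domain=example.com, which the
    browser then sends to every host under example.com (RFC 6265 section 5.1.3).
    On send, cookies with longer paths come first (RFC 6265 section 5.4), which a
    cookie-tossing attacker uses to get their copy in front of the legitimate one.
    """

    def __init__(self) -> None:
        self.jar: Dict[Tuple[str, str, str], str] = {}

    def set_cookie(self, from_host: str, name: str, value: str,
                   domain: Optional[str] = None, path: str = "/") -> None:
        domain = domain or from_host
        if not (from_host == domain or from_host.endswith("." + domain)):
            raise ValueError("a host may only set cookies for itself or a parent domain")
        self.jar[(domain, path, name)] = value

    def cookies_for(self, host: str, request_path: str) -> List[Tuple[str, str]]:
        matches = [(d, p, n, v) for (d, p, n), v in self.jar.items()
                   if (host == d or host.endswith("." + d)) and request_path.startswith(p)]
        matches.sort(key=lambda m: -len(m[1]))  # longest path first
        return [(n, v) for _d, _p, n, v in matches]


def first_cookie(cookies: List[Tuple[str, str]], name: str) -> Optional[str]:
    """Most servers keep the first occurrence of a duplicated cookie name."""
    for n, v in cookies:
        if n == name:
            return v
    return None


def csrf_ok_double_submit(cookies: List[Tuple[str, str]], form: Dict[str, str]) -> bool:
    """Cookie-based ('double submit') check: the form token must equal the CSRF
    cookie. Nothing here is bound to the victim's server-side session."""
    cookie_token = first_cookie(cookies, "csrf_cookie_name")
    form_token = form.get("csrf_token")
    return (cookie_token is not None and form_token is not None
            and hmac.compare_digest(cookie_token, form_token))


def csrf_ok_session(session: Dict[str, str], form: Dict[str, str]) -> bool:
    """Session-based check: the form token must equal the token stored server-side,
    which a subdomain attacker can neither read nor overwrite."""
    form_token = form.get("csrf_token")
    return form_token is not None and hmac.compare_digest(session["csrf_token"], form_token)


def run_scenario() -> Dict[str, bool]:
    target, attacker_sub = "www.example.com", "a.example.com"
    browser = Browser()

    # Victim logs in; the target issues a CSRF token, stored in the session and
    # (in cookie mode) also handed to the browser as a host cookie.
    session = {"csrf_token": secrets.token_hex(16)}
    browser.set_cookie(target, "csrf_cookie_name", session["csrf_token"])

    # A legitimate form submission carries the real token.
    legit_form = {"csrf_token": session["csrf_token"]}
    legit_ok = csrf_ok_double_submit(browser.cookies_for(target, "/settings"), legit_form)

    # Attacker with (XSS or full) control of the subdomain tosses a parent-domain
    # cookie with a longer Path so it is sent first for the targeted endpoint.
    attacker_token = secrets.token_hex(16)
    browser.set_cookie(attacker_sub, "csrf_cookie_name", attacker_token,
                       domain="example.com", path="/account")

    # The attacker's page auto-submits a form to the target with the matching token.
    forged_form = {"csrf_token": attacker_token}
    sent = browser.cookies_for(target, "/account/delete")
    return {
        "legit_request_passes": legit_ok,
        "double_submit_bypassed": csrf_ok_double_submit(sent, forged_form),
        "session_bound_bypassed": csrf_ok_session(session, forged_form),
    }


if __name__ == "__main__":
    for check, result in run_scenario().items():
        print(f"{check}: {result}")
```

Running it shows the legitimate request passing both checks and the forged request passing only the cookie-compared one. The takeaway for a CodeIgniter 4 deployment is that the threat model has to include every host under the registrable domain: a CSRF token that lives only in a cookie is as strong as the weakest subdomain. CodeIgniter 4's Config\Security exposes a $csrfProtection setting with a session mode; check the documentation for your version and the advisory's own fix guidance before relying on that setting alone.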