CVE-2012-1915

CVE-2012-1915 affects EllisLab CodeIgniter up to version 2.1.1; CodeIgniter 2.1.2 fixes bypasses of the xss_clean() filter in system/core/Security.php, enabling XSS that could bypass input filtering. Documented bypass vectors include various HTML tag/attribute configurations that bypass the filte...

CodeIgniter <= 2.1.1 xss_clean() Cross Site Scripting filter bypass

Affected products ============== CodeIgniter = 2.1.1 PHP framework and all CodeIgniter-based PHP applications using its built-in XSS filtering mechanism. CVE ==== CVE-2012-1915 Introduction ========== CodeIgniter http://codeigniter.com is a powerful PHP framework with a very small footprint, buil...

CodeIgniter 2.1.1 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications This is a security advisory for popular PHP framework - CodeIgniter. I've found several bypasses in xss sanitization functions in the framework. These were responsibly disclosed to the vendor and are now fixed in version 2.1.2. CVE-2012-1915...

CodeIgniter 2.1.1 Cross Site Scripting Bypass

This is a security advisory for popular PHP framework - CodeIgniter. I've found several bypasses in xss sanitization functions in the framework. These were responsibly disclosed to the vendor and are now fixed in version 2.1.2. CVE-2012-1915. Affected products ============== CodeIgniter = 2.1.1 P...