Cross-site Scripting (XSS)
Overview: ci4-cms-erp/ci4ms (installed via composer create-project ci4-cms-erp/ci4ms). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the htmlpurify validation process. An attacker can execute arbitrary JavaScript in the browsers of site visitors and administrators by submitti...
PT-2026-41688
Summary: The custom html purify validation rule used to sanitize blog post bodies relies on by-reference mutation (?string &$str), but CodeIgniter 4's validator passes a local copy of the value, so the sanitized text is silently discarded. The Blog controller writes $lanData['content'] directly into...
PT-2026-31319
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module does not apply the html purify validation rule to content fields during create and update operations, while the Blog...
[SECURITY] Fedora 22 Update: php-htmLawed-1.1.21-1.fc22
PHP code to purify and filter HTML: make HTML markup in text secure and standards-compliant; process text for use in HTML, XHTML or XML documents; restrict HTML elements, attributes or URL protocols using black- or white-lists; balance tags, check element nesting, transform deprecated attributes and...
CVE-2007-3498
The CVE concerns HTML Purifier prior to 2.0.1, specifically a cross-site scripting (XSS) issue in smoketests/configForm.php. The root cause is an unescaped print_r output, enabling remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected software is the HTML Purif...