24 matches found
EUVD-2016-3241
Malware in sbrugna...
EUVD-2012-1924
Malware in sbrugna...
EUVD-2013-4736
Malware in sbrugna...
Cross Site Scripting (XSS)
codeIgniter/Framework is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to inadequate sanitization in the xss_clean method within security.php, which allows an attacker to bypass the intended protection and execute arbitrary JavaScript code in the browser...
Inadequate XSS Prevention in CodeIgniter/Framework Security Library
The xss_clean method in the Security Library of CodeIgniter/Framework, specifically in versions before 3.0.3, exhibited a vulnerability that allowed certain Cross-Site Scripting (XSS) vectors to bypass its intended protection mechanisms. The xss_clean method is designed to sanitize input data by...
CVE-2016-2138
In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean in class/KippoInput.class.php...
CVE-2016-2138
The CVE-2016-2138 entry concerns kippo-graph prior to version 1.5.1. The vulnerability is a cross-site scripting issue in xss_clean() within class/KippoInput.class.php, as described across multiple connected records (Red Hat, OSV, NVD, and related security trackers). Impact details in the sources...
CVE-2016-2138
In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean in class/KippoInput.class.php...
Cross-site Scripting (XSS)
francoisjacquet/rosariosis is vulnerable to cross-site scripting. An attacker is able to inject malicious script via the xss_clean function in classes/Security.php...
Cross site scripting
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields...
CVE-2012-1915
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean Filter and perform XSS attacks...
EllisLab CodeIgniter Cross-Site Scripting Vulnerability
EllisLab CodeIgniter is an application development framework and toolkit for PHP web developers, from the United States company EllisLab. A security vulnerability exists in the 'xss_clean' function in EllisLab CodeIgniter versions prior to 2.1.4. The vulnerability can be exploited by remot...
CVE-2018-7476
controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '' character...
Cross site scripting
controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '' character...
CVE-2013-4891
The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag...
CVE-2013-4891
The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag...
FreeBSD : codeigniter -- multiple vulnerabilities (496160d3-d3be-11e6-ae1b-002590263bf5)
The CodeIgniter changelog reports: Fixed a number of new vulnerabilities in Security Library method xss_clean. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2018 Jacques...
CodeIgniter: Link sanitation bypass in xss_clean()
Hi there, While researching a website that uses your framework xss_clean function to sanitize user's input in comments, I was able to bypass it and could trigger XSS payloads using javascript links in allowed tags such as anchors. This could be achieved by using the new HTML5 standard entities suc...
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Security: Added HTTP "Host" header character validation to prevent cache poisoning attacks when base_url auto-detection is used. Security: Added FSCommand and seekSegmentTime to the "evil attributes" list in CI_Security::xss_clean...
CodeIgniter 2.1 - xss_clean() Filter Security Bypass
CodeIgniter 2.1 - xss_clean() Filter Security Bypass. Source: https://www.securityfocus.com/bid/54620/info CodeIgniter is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass XSS filter protections and perform cross-site scripting attacks. CodeIgniter versions prior ...