16 matches found
CVE-2022-35213
CVE-2022-35213 relates to Ecommerce-CodeIgniter-Bootstrap before commit 56465f, where a cross-site scripting (XSS) flaw exists in the base_url() usage at /blog/blogpublish.php. Affected versions before the commit are vulnerable; impact is an XSS risk with potential user interaction. Remediation: ...
CVE-2024-31820
An issue in Ecommerce-CodeIgniter-Bootstrap (Languages.php, getLangFolderForEdit) allows remote code execution via a crafted call to the getLangFolderForEdit method. The CVE-2024-31820 entry notes the vulnerability; Red Hat and OSV/CNNVD variants corroborate the same description. No affected vers...
CVE-2024-31821
CVE-2024-31821 affects Ecommerce-CodeIgniter-Bootstrap. The issue is a SQL Injection in the manageQuantitiesAndProcurement method of the Orders_model.php component, triggered by commit d22b54e8915f167a135046ceb857caaf8479c4da. This allows a remote attacker to potentially execute arbitrary code. T...
CVE-2020-25091
CVE-2020-25091: XSS in Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 due to lack of proper validation in application/modules/vendor/views/add_product.php. Multiple sources corroborate the issue; CNVD notes the root cause as missing input validation. No patch/version remediation is specified ...
CVE-2020-25092
CVE-2020-25092 affects Ecommerce-CodeIgniter-Bootstrap. The vulnerability is an XSS issue located in _parts/header.php and in the templates at application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel. The public records indicate thi...
CVE-2024-31823
CVE-2024-31823 affects Ecommerce-CodeIgniter-Bootstrap due to a code-execution flaw in the Publish.php component’s removeSecondaryImage method (commit d22b54e8915f167a135046ceb857caaf8479c4da). Remote attackers can trigger arbitrary code execution; CVSS 3.1 base score 8.8 (HIGH) with network acce...
CVE-2020-25087
CVE-2020-25087 affects Ecommerce-CodeIgniter-Bootstrap (pre-2020-08-03) with a stored/reflected XSS in application/modules/admin/views/advanced_settings/languages.php. The NVD entry reports CVSSv2 base 4.3 (MEDIUM) and CVSSv3.1 base 6.1 (MEDIUM), indicating network vector with no authentication, ...
CVE-2021-40975
The CVE-2021-40975 entry concerns a Cross-site scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap. Affected component: application/modules/admin/views/ecommerce/products.php within Ecommerce-CodeIgniter-Bootstrap (CodeIgniter 3.1.11, Bootstrap 3.3.7). The root cause is unsanitized i...
CVE-2020-25088
The CVE-2020-25088 entry relates to Ecommerce-CodeIgniter-Bootstrap (pre-2020-08-03) and allows cross-site scripting in the admin blog publish view (application/modules/admin/views/blog/blogpublish.php). Concrete details from connected sources confirm the vulnerability stems from insufficient val...
CVE-2024-31822
The CVE-2024-31822 issue affects Ecommerce-CodeIgniter-Bootstrap and is triggered by the saveLanguageFiles method in the Languages.php component (commit d22b54e8915f167a135046ceb857caaf8479c4da). The vulnerability allows a remote attacker to execute arbitrary code, with a CVSS v3.1 base score of ...
CVE-2024-6526
CVE-2024-6526 affects CodeIgniter Ecommerce-CodeIgniter-Bootstrap. The vulnerability arises from manipulation of the arguments search_title, catName, sub, name, and categorie, which leads to cross-site scripting (XSS). It can be exploited remotely, and public exploits/PoC have been disclosed. A ...
CVE-2020-25086
CVE-2020-25086 affects Ecommerce-CodeIgniter-Bootstrap prior to 2020-08-03, where the vulnerability resides in application/modules/admin/views/advanced_settings/adminUsers.php. The root cause described across connected records is lack of proper validation of client-side data, enabling cross-site ...
CVE-2020-25090
The CVE-2020-25090 entry corresponds to an XSS vulnerability in Ecommerce-CodeIgniter-Bootstrap prior to 2020-08-03, specifically in application/modules/admin/views/ecommerce/publish.php. The root cause is insufficient validation of client-side data in the web application, enabling cross-site scr...
CVE-2020-25093
The CVE-2020-25093 entry concerns an XSS vulnerability in Ecommerce-CodeIgniter-Bootstrap prior to 2020-08-03. The affected area is blog.php within the templates: clothesshop, onepage, and redlabel. The underlying issue is a cross-site scripting flaw that allows input to be echoed without proper ...
CVE-2023-23010
CVE-2023-23010 is reported in Ecommerce-CodeIgniter-Bootstrap as a Cross-Site Scripting (XSS) vulnerability that can allow an attacker to execute arbitrary code via the languages and trans_load parameters in add_product.php, following commit d5904379ca55014c5df34c67deda982c73dc7fe5 (Dec 27, 2022)...
CVE-2020-25089
CVE-2020-25089 affects Ecommerce-CodeIgniter-Bootstrap prior to 2020-08-03, allowing cross-site scripting in application/modules/admin/views/ecommerce/discounts.php. Multiple connected sources corroborate an XSS vulnerability stemming from insufficient input validation. The CVSS metrics indicate ...