12 matches found
CVE-2022-35213
CVE-2022-35213 relates to Ecommerce-CodeIgniter-Bootstrap before commit 56465f, where a cross-site scripting (XSS) flaw exists in the base_url() usage at /blog/blogpublish.php. Affected versions before the commit are vulnerable; impact is an XSS risk with potential user interaction. Remediation: ...
CVE-2020-25091
CVE-2020-25091 : XSS in Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 due to lack of proper validation in application/modules/vendor/views/add_product.php. Multiple sources corroborate the issue; CNVD notes the root cause as missing input validation. No patch/version remediation is specified ...
CVE-2021-40975
The CVE-2021-40975 entry concerns a Cross-site scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap. Affected component: application/modules/admin/views/ecommerce/products.php within Ecommerce-CodeIgniter-Bootstrap (CodeIgniter 3.1.11, Bootstrap 3.3.7). The root cause is unsanitized i...
CVE-2020-25088
The CVE-2020-25088 entry relates to Ecommerce-CodeIgniter-Bootstrap (pre-2020-08-03) and allows cross-site scripting in the admin blog publish view (application/modules/admin/views/blog/blogpublish.php). Concrete details from connected sources confirm the vulnerability stems from insufficient val...
CVE-2020-25092
CVE-2020-25092 affects Ecommerce-CodeIgniter-Bootstrap. The vulnerability is an XSS issue located in _parts/header.php and in the templates at application/views/templates/clothesshop, application/views/templates/greenlabel, and application/views/templates/redlabel. The public records indicate thi...
CVE-2024-6526
CVE-2024-6526 affects CodeIgniter Ecommerce-CodeIgniter-Bootstrap. The vulnerability arises from manipulation of the arguments search_title, catName, sub, name, and categorie, which leads to cross-site scripting (XSS). It can be exploited remotely, and public exploits/ PoC have been disclosed. A ...
CVE-2020-25087
CVE-2020-25087 affects Ecommerce-CodeIgniter-Bootstrap (pre-2020-08-03) with a stored/reflected XSS in application/modules/admin/views/advanced_settings/languages.php. The NVD entry reports CVSSv2 base 4.3 (MEDIUM) and CVSSv3.1 base 6.1 (MEDIUM), indicating network vector with no authentication, ...
CVE-2020-25086
CVE-2020-25086 affects Ecommerce-CodeIgniter-Bootstrap prior to 2020-08-03, where the vulnerability resides in application/modules/admin/views/advanced_settings/adminUsers.php. The root cause described across connected records is lack of proper validation of client-side data, enabling cross-site ...
CVE-2020-25090
The CVE-2020-25090 entry corresponds to an XSS vulnerability in Ecommerce-CodeIgniter-Bootstrap prior to 2020-08-03, specifically in application/modules/admin/views/ecommerce/publish.php. The root cause is insufficient validation of client-side data in the web application, enabling cross-site scr...
CVE-2023-23010
CVE-2023-23010 is reported in Ecommerce-CodeIgniter-Bootstrap as a Cross-Site Scripting (XSS) vulnerability that can allow an attacker to execute arbitrary code via the languages and trans_load parameters in add_product.php, following commit d5904379ca55014c5df34c67deda982c73dc7fe5 (Dec 27, 2022)...
CVE-2020-25093
The CVE-2020-25093 entry concerns an XSS vulnerability in Ecommerce-CodeIgniter-Bootstrap prior to 2020-08-03. The affected area is blog.php within the templates: clothesshop, onepage, and redlabel. The underlying issue is a cross-site scripting flaw that allows input to be echoed without proper ...
CVE-2020-25089
CVE-2020-25089 affects Ecommerce-CodeIgniter-Bootstrap prior to 2020-08-03, allowing cross-site scripting in application/modules/admin/views/ecommerce/discounts.php. Multiple connected sources corroborate an XSS vulnerability stemming from insufficient input validation. The CVSS metrics indicate ...