codeigniter4/framework is vulnerable to cross-site scripting(XSS) attacks. A remote unauthenticated attacker is able to inject and execute malicious javascript on victim’s browser when the potential victim is using API\ResponseTrait
.
CPE | Name | Operator | Version |
---|---|---|---|
codeigniter4/framework | le | v4.1.7 | |
codeigniter4/framework | le | v4.1.7 |
codeigniter4.github.io/userguide/incoming/routing.html#use-defined-routes-only
github.com/codeigniter4/CodeIgniter4/commit/70d881cf5322b7c32e69516aebd2273ac6a1e8dd
github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-7528-7jg5-6g62
github.com/codeigniter4/framework/commit/eabd7dc9ac803ac3c7549d1dea939fe98bd0e4db