Lucene search
Veracode Vulnerability DatabaseVERACODE:33887HistoryJan 25, 2022 - 5:08 a.m.
Cross-site Scripting (XSS)
2022-01-2505:08:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
35.4%
codeigniter4/framework is vulnerable to cross-site scripting(XSS) attacks. A remote unauthenticated attacker is able to inject and execute malicious javascript on victim’s browser when the potential victim is using API\ResponseTrait.
| CPE | Name | Operator | Version |
|---|---|---|---|
| codeigniter4/framework | le | v4.1.7 | |
| codeigniter4/framework | le | v4.1.7 |
References
codeigniter4.github.io/userguide/incoming/routing.html#use-defined-routes-only
github.com/codeigniter4/CodeIgniter4/commit/70d881cf5322b7c32e69516aebd2273ac6a1e8dd
github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-7528-7jg5-6g62
github.com/codeigniter4/framework/commit/eabd7dc9ac803ac3c7549d1dea939fe98bd0e4db
Related
osv
osv
CVE-2022-21715
2022-01-24 20:15:08
BIT-codeigniter-2022-21715
2024-03-06 10:54:26
Cross-site Scripting Vulnerability in CodeIgniter4
2022-01-27 15:09:00
github
github
Cross-site Scripting Vulnerability in CodeIgniter4
2022-01-27 15:09:00
prion
prion
Cross site scripting
2022-01-24 20:15:00
cvelist
cvelist
CVE-2022-21715 Cross-site Scripting Vulnerability in CodeIgniter4
2022-01-24 19:55:10
nvd
nvd
CVE-2022-21715
2022-01-24 20:15:08
friendsofphp
friendsofphp
CVE-2022-21715: XSS Vulnerability in API\ResponseTrait in CodeIgniter4
2022-01-24 17:41:56
cve
cve
CVE-2022-21715
2022-01-24 20:15:08