| Title | CodeIgniter Foundation Codeigniter 3.1.13 Cross Site Scripting |
|---|
| Description | An XSS (Cross-Site Scripting) vulnerability was identified in the search_title parameter of the web application. This vulnerability allows an attacker to inject arbitrary JavaScript code, which can be executed in the context of the user's browser.
Proof of Concept:
The following payload was used to demonstrate the vulnerability:
`"/<script><script>alert(1)</script>/"`
`http://localhost/ecomerce/admin/products?search_title=%22%2F%3Cscript%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%2F%22` |
|---|
| Source | ⚠️ https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/263 |
|---|
| User | evilcode52 (UID 71460) |
|---|
| Submission | 2024. 07. 04. AM 02:37 (2 years ago) |
|---|
| Moderation | 2024. 07. 05. AM 07:43 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 270369 [CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03 search_title/catName/sub/name/categorie cross site scripting] |
|---|
| Points | 20 |
|---|