Submission #845904: kirilkirkov Ecommerce-CodeIgniter-Bootstrap master Cross Site Scripting Info

Title: kirilkirkov Ecommerce-CodeIgniter-Bootstrap master Cross Site Scripting

Description:

## Description

Ecommerce-CodeIgniter-Bootstrap contains a stored cross-site scripting vulnerability in the newsletter subscription flow. An unauthenticated attacker can submit a newsletter subscription request with a crafted `User-Agent` header. The application stores the attacker-controlled browser metadata in the `subscribed` table. The administrator's subscribed emails page later renders the stored `browser` value without output encoding. When an administrator visits the subscribed emails page, the stored payload can execute in the backend context.

## Technical Details

- Affected component: `application/core/MY_Controller.php`, `application/modules/admin/views/settings/emails.php`
- Storage flow: newsletter subscription handling in `checkForPostRequests()`
- Admin sink: `/index.php/admin/emails`
- Weakness: `CWE-79`
- CVSS v3.1: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N`
- Severity: `High`
- Published: `2026-05-20`
- Patched version / fix commit: `23105f25dadf57b4314fc015a63a7c6e910c89df`
- GitHub Security Advisory: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/security/advisories/GHSA-v69c-5xg5-q7r8
- Vendor fix: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/23105f25dadf57b4314fc015a63a7c6e910c89df
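The defect class described above is a classic stored XSS: request-controlled data (here the `User-Agent` header) is persisted and later echoed into an admin HTML page without encoding. The following PHP snippet is an added example, not code from the Ecommerce-CodeIgniter-Bootstrap project or its fix commit. It contrasts a view that echoes the stored `browser` column raw with one that encodes it at the output point using CodeIgniter 3's global `html_escape()`. The `subscribed` table and `browser` column names come from the advisory; the row layout, the function names and the sample record are assumptions constructed for illustration.

```php
<?php
// Added example (not the project's code): the stored-XSS sink from the
// advisory side by side with the output-encoding fix.

// CodeIgniter 3 defines html_escape() globally in system/core/Common.php.
// This fallback (same behaviour: htmlspecialchars with ENT_QUOTES, UTF-8)
// lets the file run under plain `php` outside the framework.
if (!function_exists('html_escape')) {
    function html_escape($var, $double_encode = true)
    {
        return htmlspecialchars((string) $var, ENT_QUOTES, 'UTF-8', $double_encode);
    }
}

// Vulnerable rendering (assumed view shape): the stored browser string is
// concatenated into the admin table as-is, so any markup that arrived in the
// User-Agent header at subscription time becomes part of the admin page.
function render_row_vulnerable(array $row): string
{
    return '<tr><td>' . $row['email'] . '</td>'
         . '<td>' . $row['browser'] . '</td></tr>';
}

// Hardened rendering: every value that originated from a request is encoded
// for the HTML text context at the point of output. The database may still
// hold the raw value (useful for forensics); the encoding belongs in the view.
function render_row_hardened(array $row): string
{
    return '<tr><td>' . html_escape($row['email']) . '</td>'
         . '<td>' . html_escape($row['browser']) . '</td></tr>';
}

// Constructed sample record standing in for one row of the `subscribed` table.
// The browser value mimics a User-Agent header that carries HTML markup.
$sample = [
    'email'   => 'user@example.com',
    'browser' => 'Mozilla/5.0 <script>alert(1)</script>',
];

echo "vulnerable: " . render_row_vulnerable($sample) . PHP_EOL;
echo "hardened:   " . render_row_hardened($sample) . PHP_EOL;
```

Run it with `php example.php`: the vulnerable line reproduces the `<script>` tag inside the table cell, while the hardened line shows it as `&lt;script&gt;...&lt;/script&gt;`, which the browser displays as text. Because `html_escape()` encodes for an HTML text or attribute context only, a value placed inside a JavaScript block or a URL would need the encoding appropriate to that context instead.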
Source: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/security/advisories/GHSA-v69c-5xg5-q7r8
User: Anonymous User
Submitted: 2026. 06. 02. 10:06 AM (1 month ago)
Moderated: 2026. 07. 03. 07:24 PM (1 month later)
Status: Accepted
VulDB entry: 376149 [kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517 Subscribed Emails Admin Page MY_Controller.php checkForPostRequests User-Agent cross site scripting]
Points: 20
