BIT-codeigniter-2022-21715

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/codeigniter/BIT-codeigniter-2022-21715.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-codeigniter-2022-21715
Aliases
Published
2024-03-06T10:54:26.480Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in API\ResponseTrait in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a patch for this vulnerability. There are two potential workarounds available. Users may avoid using API\ResponseTrait or ResourceController Users may also disable Auto Route and use defined routes only.

References

Affected packages

Bitnami / codeigniter

Package

Name
codeigniter
Purl
pkg:bitnami/codeigniter

Severity

  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
4.0.0
Fixed
4.1.8