CVE-2022-21715

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-21715

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21715.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-21715

Aliases

Published

2022-01-24T20:15:08Z

Modified

2024-05-30T03:29:46.126987Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in API\ResponseTrait in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a patch for this vulnerability. There are two potential workarounds available. Users may avoid using API\ResponseTrait or ResourceController Users may also disable Auto Route and use defined routes only.

References

Affected packages

Git / github.com/codeigniter4/codeigniter4

Affected ranges

Type: GIT
Repo: https://github.com/codeigniter4/codeigniter4
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

70d881cf5322b7c32e69516aebd2273ac6a1e8dd

Affected versions

4.*

4.0.0

4.0.2

v4.*

v4.0.0-alpha.1

v4.0.0-alpha.2

v4.0.0-alpha.3

v4.0.0-alpha.4

v4.0.0-alpha.5

v4.0.0-beta.1

v4.0.0-beta.3

v4.0.0-beta.4

v4.0.0-rc.1

v4.0.0-rc.2

v4.0.0-rc.2.1

v4.0.0-rc.2b

v4.0.0-rc.3

v4.0.0-rc.4

v4.0.0.0-alpha.5

v4.0.1

v4.0.3

v4.0.4

v4.0.5

v4.1.0

v4.1.1

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.1.6

v4.1.7