CVE-2007-3708

Name of the Vulnerable Software and Affected Versions CodeIgniter version 1.5.3 before 20070626

Description The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML. This is due to insufficient sanitization by the xss clean function, specifically through the use of String.fromCharCode and malformed nested tag manipulations in an unspecified component.

Recommendations For CodeIgniter version 1.5.3 before 20070626, update to a version released after 20070626 to resolve the issue. As a temporary workaround, consider disabling the xss clean function until a patch is available, and ensure proper input validation and sanitization for all user-supplied data.