PT-2022-15060 · Unknown · Codeigniter4

Kenjis +1 · Published 2022-01-24 · Updated 2024-03-06 · CVE-2022-21715

CVSS v3.1: 5.4 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: CodeIgniter4 versions prior to 4.1.8

Description: A cross-site scripting (XSS) issue was found in APIResponseTrait in CodeIgniter4. Attackers can perform XSS attacks if a potential victim is using APIResponseTrait.

Recommendations: For versions prior to 4.1.8, upgrade to version 4.1.8 or later. As a temporary workaround, consider avoiding the use of APIResponseTrait or ResourceController. Alternatively, disable Auto Route and use defined routes only.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-CODEIGNITER-2022-21715
CVE-2022-21715
GHSA-7528-7JG5-6G62

Affected Products

Codeigniter4