
GSA_kwCzR0hTQS1xOWozLTRnaGotNmg1N84AA8GQ

Moderate CVSS: 4.7

Inadequate XSS Prevention in CodeIgniter/Framework Security Library

Affected Packages                Affected Versions   Fixed Versions
packagist:codeigniter/framework  < 3.0.3             3.0.3
69 Dependent packages
509 Dependent repositories
2,281,301 Downloads total

Affected Version Ranges

All affected versions

3.0.0, 3.0.1, 3.0.1rc, 3.0.1rc2, 3.0.2

All unaffected versions

3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.1.13

Potentially Affected Packages

These packages share the same source repository and may be affected by this vulnerability, but are not listed in the advisory.

Package                          Ecosystem   Latest Version
bcit-ci/codeigniter              packagist   3.1.13
github.com/bcit-ci/codeigniter   go          v2.1.0+incompatible
ellislab/codeigniter             packagist
ci_framework                     bower
codeigniter2                     bower
ci                               bower
codeigniter3                     bower
github.com/bcit-ci/CodeIgniter   go          v2.1.0+incompatible

In versions of CodeIgniter/Framework before 3.0.3, the xss_clean() method in the Security Library allowed certain Cross-Site Scripting (XSS) vectors to bypass the protection it was intended to provide.

xss_clean() is designed to sanitize input data by removing potentially malicious content and so prevent XSS attacks. In versions prior to 3.0.3, however, the method did not adequately mitigate specific XSS vectors, leaving a security gap for applications that relied on it as their only defence.
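One way a defender can check a project's lock file against the range published in this advisory, as an added example that is not part of the original advisory or of the CodeIgniter project: the version comparator treats pre-releases such as 3.0.1rc as older than 3.0.1, which matches the affected list above (3.0.1rc and 3.0.1rc2 are affected, 3.0.3 and later are not). The composer.lock content is constructed, and the hypothetical package example/other-lib is a placeholder.

```python
import json
import re

# Range taken from this advisory: codeigniter/framework < 3.0.3 is affected, 3.0.3 fixes it.
AFFECTED_PACKAGE = "codeigniter/framework"
FIXED_VERSION = "3.0.3"

# Accepts forms seen in this advisory: "3.0.2", "3.0.1rc", "3.0.1rc2", optionally "v"-prefixed.
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(?:[.-]?(rc|beta|alpha|dev)(\d*))?$", re.IGNORECASE)


def parse_version(text):
    """Turn '3.0.1rc2' into a sortable tuple ((3, 0, 1), 0, 2).

    The middle element is 0 for a pre-release and 1 for a final release, so
    3.0.1rc2 sorts before 3.0.1. Unrecognised strings raise ValueError so they
    are never silently treated as safe.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad so that 3.1 == 3.1.0
    if m.group(2):
        return (nums, 0, int(m.group(3) or 0))
    return (nums, 1, 0)


def is_affected(version):
    """True when the version falls in the advisory's affected range (< 3.0.3)."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def audit_composer_lock(lock_text):
    """Return (name, version) pairs from a composer.lock that match this advisory."""
    lock = json.loads(lock_text)
    hits = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == AFFECTED_PACKAGE and is_affected(pkg["version"]):
                hits.append((pkg["name"], pkg["version"]))
    return hits


# Constructed sample lock file, not taken from any real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "codeigniter/framework", "version": "3.0.1rc2"},
        {"name": "example/other-lib", "version": "1.4.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(audit_composer_lock(SAMPLE_LOCK))
```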

References: