CVE-2023-23027 is assigned
Link: https://www.sourcecodester.com/php-codeigniter-expense-management-system-source-code
9 XSS vulnerabilities
Sinks in application/views/index.php
// line 195
<input name="" readonly="" type="text" class="form-control form-control-sm" value="<?php echo $row->name ?>" placeholder="" aria-label="Name">
// line 200
<input type="hidden" name="name" value="<?php echo $row->cus_id ?>">
// line 211
<input name="discription" value="<?php echo $row->discription ?>" type="text" class="form-control form-control-sm" id="exampleInputPassword1" placeholder="Description">
// line 218
<input name="amount" onkeypress="return isNumber(event)" value="<?php echo $row->amount ?>" type="text" class="form-control form-control-sm" placeholder="Debit Amount" aria-label="Debit Amount">
// line 371
<input name="" readonly="" type="text" class="form-control form-control-sm" value="<?php echo $row->name ?>" placeholder="" aria-label="Name">
// line 374
<input type="hidden" name="name" value="<?php echo $row->cus_id ?>">
// line 379
<input name="date" readonly="" type="text" value="<?php echo $row->date ?>" required="" class="form-control form-control-sm" placeholder="Username" aria-label="Date">
// line 386
<input name="discription" value="<?php echo $row->discription ?>" type="text" class="form-control form-control-sm" id="exampleInputPassword1" placeholder="Description">
// line 393
<input name="amount" onkeypress="return isNumber(event)" value="<?php echo $row->amount ?>" type="text" class="form-control form-control-sm" placeholder="Debit Amount" aria-label="Debit Amount">
All of these sinks are fed from the database. The values are saved to the database in the following lines.
For example, in file application/controllers/Home.php, line 215:
$userData = array(
'cus_id' => strip_tags($this->input->post('name')),
'discription' => strip_tags($this->input->post('discription')),
'date' => strip_tags($this->input->post('date')),
'category_id' => strip_tags($this->input->post('item')),
'amount' => strip_tags($this->input->post('amount')),
'dis_cat' => "badge-gradient-warning",
);
$this->db->insert('debit', $userData);
strip_tags() does not prevent XSS in this case because the value is rendered inside an attribute of an input HTML tag. See https://security.stackexchange.com/questions/97550/how-to-launch-xss-code-from-an-input-html-tag-upon-page-load
strip_tags() does not sanitize this input (" onfocus="alert(1)" autofocus="), which leads to the XSS vulnerabilities.
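The behaviour described above, as an added example (not code from the application or the original report): strip_tags() leaves the reported input unchanged, while htmlspecialchars() with ENT_QUOTES at the sink keeps it inside the value attribute. The helper names render_raw, render_encoded and input_attributes are hypothetical, and PHP's DOM extension is assumed to be available.

```php
<?php
// Added example: strip_tags() at write time versus output encoding at the sink.

// Value as submitted; this is the input quoted in the report above.
$submitted = '" onfocus="alert(1)" autofocus="';

// Write path (as in Home.php): strip_tags() removes tags only. The value
// contains no "<" or ">", so it reaches the database unchanged.
$stored = strip_tags($submitted);

// Sink as in application/views/index.php: raw echo into value="...".
function render_raw(string $v): string
{
    return '<input name="discription" value="' . $v . '" type="text">';
}

// Hardened sink: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote characters so the value cannot end the attribute.
function render_encoded(string $v): string
{
    $safe = htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="discription" value="' . $safe . '" type="text">';
}

// Parse the rendered markup and list the attribute names a browser would see
// on the <input> element.
function input_attributes(string $html): array
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Whether strip_tags() changed the value at all.
var_dump($stored === $submitted);

// Raw sink: the stored value adds attributes of its own to the element.
print_r(input_attributes(render_raw($stored)));

// Encoded sink: only the attributes written in the template remain.
print_r(input_attributes(render_encoded($stored)));
```

The same encoding applies to every sink listed from application/views/index.php, because each one echoes a database value into a quoted attribute.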