CVE-2023-23014 is assigned
Link: https://github.com/ronknight/InventorySystem
Multiple XSS vulnerabilities.
For example,
In file InventorySystem-master\application\controllers\Stores.php, in the update function:
// Store fields are copied straight from the POST body; both values are untrusted.
// NOTE(review): no validation or encoding happens here, so escaping must be applied
// wherever `name` is later rendered (HTML, JSON embedded in a page) — confirm in the views.
$data = array(
'name' => $this->input->post('edit_store_name'),
'active' => $this->input->post('edit_active'),
);
// Persist the raw values; Model_stores::update returns true when the row was written.
$update = $this->model_stores->update($data, $id);
In file InventorySystem-master\application\models\Model_stores.php
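/**
 * Update one row of the `stores` table.
 *
 * @param array<string, mixed> $data column => value pairs to write; callers pass raw
 *                                   request input here, so output encoding must still
 *                                   happen where these values are rendered
 * @param int|string           $id   primary key of the row to update; bound through the
 *                                   query builder, not interpolated into the SQL string
 * @return bool true when the update ran successfully; false for empty $data or a falsy $id
 *              (the original fell through and returned null in that case)
 */
public function update($data, $id)
{
    // Falsy guard kept from the original: an empty array or an id of 0/'' is a no-op.
    if (!$data || !$id) {
        return false;
    }

    $this->db->where('id', $id);

    // Cast the driver result instead of the redundant ($x == true) ? true : false.
    return (bool) $this->db->update('stores', $data);
}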
Then, in file InventorySystem-master\application\controllers\Stores.php:
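/**
 * AJAX endpoint: emit the store row with the given id as JSON.
 *
 * @param int|string $id store primary key supplied by the router
 * @return void writes the JSON body directly; emits nothing when $id is falsy
 *              (unchanged from the original behaviour)
 */
public function fetchStoresDataById($id)
{
    if (!$id) {
        return;
    }

    $data = $this->model_stores->getStoresData($id);

    // Declare the body as JSON so browsers do not sniff it as HTML, and hex-encode
    // <, >, &, ' and " so the payload stays inert even if a consumer drops it into
    // markup unescaped. Neither replaces escaping at the point of rendering.
    header('Content-Type: application/json; charset=utf-8');
    echo json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}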
In file InventorySystem-master\application\models\Model_stores.php
/**
 * Read store rows.
 *
 * @param int|string|null $id when truthy, fetch only the row with that id;
 *                            otherwise (null, 0, '') return every row
 * @return array a single row (row_array) or the full list (result_array)
 */
public function getStoresData($id = null)
{
    // Same falsy test as before: only a truthy id selects a single row.
    if (!$id) {
        $all = $this->db->query("SELECT * FROM `stores`");
        return $all->result_array();
    }

    // The id is bound as a query parameter, never interpolated into the SQL string.
    $single = $this->db->query("SELECT * FROM `stores` where id = ?", [$id]);
    return $single->row_array();
}