CVE-2023-23024 is assigned
50 XSS vulnerabilities.
Several user-controlled sources (POST parameters) are saved to the database in this project as received.
For example:
// In file application/models/M_book.php
// Source side of the stored XSS: every field below is read from the POST body
// and written to the `book` table as received. No validation is visible in this
// excerpt (the enclosing method is not shown).
// NOTE(review): passing an array to insert() is presumably the framework's query
// builder, which would escape the values for SQL only. That does nothing for
// HTML, so the values still need output encoding wherever they are printed.
// NOTE(review): year, price and stock look numeric; validating them as numbers
// before the insert would reject markup early. Confirm the column types.
$object=array(
'book_title'=>$this->input->post('book_title'),
'year'=>$this->input->post('year'),
'price'=>$this->input->post('price'),
'category_code'=>$this->input->post('category'),
'publisher'=>$this->input->post('publisher'),
'writer'=>$this->input->post('writer'),
'stock'=>$this->input->post('stock')
);
return $this->db->insert('book', $object);
// In file application/models/M_transaction.php
// Same pattern for the `transaction` table: user_code, buyer_name, total,
// bookname and book_qty come from the POST body; only tgl is produced on the
// server.
// NOTE(review): total and book_qty are taken from the request in this excerpt.
// Verify that they are validated as numbers and that the total is recomputed
// from stored prices somewhere outside this excerpt.
$object=array(
'user_code'=>$this->input->post('user_code'),
'buyer_name'=>$this->input->post('buyer_name'),
'tgl' => date('Y-m-d'), // server-side date in Y-m-d form, not request data
'total'=>$this->input->post('total'),
'bookname'=>$this->input->post('bookname'),
'book_qty'=>$this->input->post('book_qty'),
);
$this->db->insert('transaction', $object);
These stored values later flow from the database into the view files, where they are printed into the HTML without output encoding (stored XSS).
For example:
// In file application/views/v_book.php
// Sink side: each short echo tag below prints a database value into table-cell
// content with no output encoding, so stored markup is interpreted by the browser.
// Mitigation: encode at the point of output, e.g. html_escape($book->book_title)
// if this is CodeIgniter (TODO confirm), or
// htmlspecialchars($book->book_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').
// NOTE(review): category_name is not among the inserted fields in the model
// excerpts on this page; presumably it comes from a joined category table.
// It needs the same encoding.
<td><?=$book->book_title?></td>
<td><?=$book->year?></td>
<td><?=$book->category_name?></td>
<td><?=$book->publisher?></td>
<td><?=$book->writer?></td>
<td><?=$book->stock?></td>
// In file application/views/v_transaction.php
// Same unencoded output, in two HTML contexts: table-cell content and, in the
// option tag, a double-quoted attribute value. The attribute case needs quotes
// encoded as well (ENT_QUOTES), otherwise a stored value can end the attribute
// early. Encode every echoed value at the point of output.
// NOTE(review): the loop reuses $transaction as both the collection and the
// loop variable, so after the loop the name no longer refers to the collection.
// NOTE(review): fullname is not among the inserted fields shown on this page;
// presumably it comes from a user table. Confirm where it is written.
<td><?=$book->book_title?></td>
<td><?=$book->category_name?></td>
<td class="text-right">$<?=$book->price?></td>
<td class="text-right"><?=$book->stock?></td>
<?php foreach ($transaction as $transaction): ?>
<option class="text-dark" value="<?=$transaction->user_code?>"><?=$transaction->fullname?></option>
<?php endforeach ?>