CVE-2023-23015 is assigned
Link: https://github.com/kalkun-sms/Kalkun
XSS vulnerability with the user name.
We see that the username will be setted in the DB without sanitization in file Kalkun-devel\application\models\User_model.php
$this->db->set('username', trim($this->input->post('username')));
Then the username retrieved from the DB and set in the session then redirect to 'kalkun' in file Kalkun-devel\application\models\Kalkun_model.php
function login(){
$username = $this->input->post('username');
$this->db->from('user');
$this->db->where('username', $username);
$query = $this->db->get();
if ($query->num_rows() === 1 && password_verify($this->input->post('password'), $query->row('password')))
{
//..
$this->session->set_userdata('username', $query->row('username'));
//...
}
if ($this->input->post('r_url'))
{
redirect($this->input->post('r_url'));
}
else
{
redirect('kalkun');
}
}
In file Kalkun-devel\application\controllers\Kalkun.php
function index()
{
//...
$this->load->view('main/layout', $data);
}
In file Kalkun-devel\application\views\main\layout.php
<?php $this->load->view('main/dock');?>
Finally, in file Kalkun-devel\application\views\main\dock.php
<?php echo $this->session->userdata('username');?>