CVE-2023-23021 is assigned
7 second order XSS vulnerabilities.
For example,
In file ci4_pos\app\Controllers\Main.php
code,name,description, and price are extracted from $this->request->getPost()
and saved in the DB.
public function product_add(){
if($this->request->getMethod() == 'post'){
extract($this->request->getPost());
$udata= [];
$udata['code'] = $code;
$udata['name'] = $name;
$udata['description'] = $description;
$udata['price'] = $price;
//...
$save = $this->prod_model->save($udata);
//...
}
}
Then it will be extracted from the DB and printed in the list view.
In file ci4_pos\app\Controllers\Main.php
public function products(){
//...
$this->data['products'] = $this->prod_model->paginate($this->data['perPage']);
//...
return view('pages/products/list', $this->data);
}
Then in file ci4_pos\app\Views\pages\products\list.php
<td class="px-2 py-1 align-middle"><?= $row['code'] ?></td>
<td class="px-2 py-1 align-middle"><?= $row['name'] ?></td>
<td class="px-2 py-1 align-middle"><?= $row['description'] ?></td>
6 first order XSS vulnerabilities.
For example:
In file ci4_pos\app\Controllers\Main.php
public function __construct(){
//...
$this->data = ['session' => $this->session,'request'=>$this->request];
}
public function product_add(){
//...
return view('pages/products/add', $this->data);
}
// In pages/products/add.php
<?= !empty($request->getPost('code')) ? $request->getPost('code') : '' ?>
<?= !empty($request->getPost('description')) ? $request->getPost('description') : '' ?>