CVE-2023-23022 has been assigned.
59 second-order (stored) XSS vulnerabilities.
For example,
In file ci4_payroll\app\Controllers\Main.php
code, title, from_date and to_date are extracted from $this->request->getPost() and, in the lines shown, saved to the payroll record as submitted.
/**
 * Updates the payroll row matching $id from a POST submission, then reloads
 * that row and renders the edit view with it.
 *
 * Excerpt from the affected application: the parts marked //... are elided on
 * this page, so any validation placed there is not visible in this listing.
 *
 * @param mixed $id Payroll row id, '' by default. NOTE(review): presumably
 *                  taken from the URL; confirm against the route config.
 * @return mixed Whatever view('pages/payrolls/edit', ...) returns.
 */
public function payroll_edit($id=''){
if($this->request->getMethod() == 'post'){
// extract() imports every POST key as a local variable and, with its default
// flags, overwrites same-named locals already in scope (here that includes
// $id). Reading the expected keys explicitly from getPost() avoids this.
extract($this->request->getPost());
$udata= [];
// The four fields are copied as submitted; nothing in the visible lines
// validates or encodes them before they are stored.
$udata['code'] = $code;
$udata['title'] = $title;
$udata['from_date'] = $from_date;
$udata['to_date'] = $to_date;
//...
// The update uses the key/value form of where(), with $id passed as a value.
$this->payroll_model->where('id',$id)->set($udata)->update();
//...
}
$this->data['page_title']="Edit Payroll";
// NOTE(review): here $id is interpolated into a raw WHERE string rather than
// passed as a value as in the update above; review this line for SQL
// injection separately from the XSS issue this page reports.
$this->data['payroll'] = $this->payroll_model->where("id ='{$id}'")->first();
// The reloaded row, including the stored fields, reaches the view as 'payroll'.
return view('pages/payrolls/edit', $this->data);
}
The stored values are then printed, without output escaping, into the value attributes of the edit view, in file ci4_payroll\app\Views\pages\payrolls\edit.php
<div class="mb-3">
<label for="code" class="control-label">Code</label>
<input type="text" class="form-control rounded-0" id="code" name="code" autofocus placeholder="Payroll Code" value="<?= /* stored value echoed unescaped into a quoted attribute; it needs attribute-context encoding, e.g. CodeIgniter's esc($value, 'attr') */ isset($payroll['code']) ? $payroll['code'] : '' ?>" required="required">
</div>
<div class="mb-3">
<label for="title" class="control-label">Title</label>
<input type="text" class="form-control rounded-0" id="title" name="title" placeholder="Payroll Title" value="<?= /* unescaped stored value, same issue as the code field */ isset($payroll['title']) ? $payroll['title'] : '' ?>" required="required">
</div>
<div class="mb-3">
<label for="from_date" class="control-label">Date From</label>
<input type="date" class="form-control rounded-0" id="from_date" name="from_date"value="<?= /* unescaped stored value; type="date" only constrains the browser control, not what was stored */ isset($payroll['from_date']) ? $payroll['from_date'] : '' ?>" required="required">
</div>
<div class="mb-3">
<label for="to_date" class="control-label">Date To</label>
<input type="date" class="form-control rounded-0" id="to_date" name="to_date"value="<?= /* unescaped stored value; type="date" only constrains the browser control, not what was stored */ isset($payroll['to_date']) ? $payroll['to_date'] : '' ?>" required="required">
</div>
23 first-order (reflected) XSS vulnerabilities.
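For example:
In file ci4_payroll\app\Controllers\Main.php, the constructor passes the request object to the views, and the views echo POST parameters back without escaping: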
/**
 * Builds the $this->data array that the controller methods shown on this page
 * pass to view(). The part marked //... is elided on the page.
 */
public function __construct(){
//...
// The request object itself is exposed to templates under the 'request' key,
// so a view can read raw POST values through $request->getPost().
$this->data = ['session' => $this->session,'request'=>$this->request];
}
/**
 * Renders pages/users/add with the controller's shared $this->data.
 * The body is elided (//...) on the page.
 */
public function user_add(){
//...
// $this->data carries the 'request' entry assigned in __construct().
return view('pages/users/add', $this->data);
}
// In pages/users/add.php
<?= /* reflected: POST 'name' is echoed back unescaped; encode it for the context it is printed in, e.g. with esc() */ !empty($request->getPost('name')) ? $request->getPost('name') : '' ?>
/**
 * Renders pages/departments/add with the controller's shared $this->data.
 * The body is elided (//...) on the page.
 */
public function department_add(){
//...
// $this->data carries the 'request' entry assigned in __construct().
return view('pages/departments/add', $this->data);
}
// In pages/departments/add.php
<?= /* reflected: POST 'code' is echoed back unescaped; encode it for the context it is printed in, e.g. with esc() */ !empty($request->getPost('code')) ? $request->getPost('code') : '' ?>