CVE-2023-23010 is assigned
Link: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap
Multiple XSS vulnerabilities.
In file Ecommerce-CodeIgniter-Bootstrap-master\application\modules\vendor\views\add_product.php
CVE-2023-23019 is assigned
15 XSS vulnerabilities.
For example,
the username and email will be saved in the DB in file ci4_blog\app\Controllers\Main.php
CVE-2023-23021 is assigned
7 second order XSS vulnerabilities.
For example,
In file ci4_pos\app\Controllers\Main.php
code, name, description, and price are extracted from $this->request->getPost()
and saved in the DB.
CVE-2023-23022 is assigned
59 second order XSS vulnerabilities.
For example,
In file ci4_payroll\app\Controllers\Main.php
code, title, from_date and to_date are extracted from $this->request->getPost().
CVE-2023-23011 is assigned
Link: https://github.com/InvoicePlane/InvoicePlane
Multiple XSS vulnerabilities.
Vulnerability 1: In file InvoicePlane-development\application\modules\products\controllers\Ajax.php
$filter_product = $this->input->get('filter_product');
CVE-2023-23012 is assigned
Link: https://github.com/craigrodway/classroombookings
XSS vulnerability.
In file classroombookings-master\application\controllers\Weeks.php in function save_week
the input 'bgcol' is saved in the DB and later passed to the view, where it is printed without sanitization.
CVE-2023-23013 is assigned
Link: https://github.com/Devnawjesh/hr-payroll
Multiple XSS vulnerabilities.
For example,
In file hr-payroll-master\application\controllers\Logistice.php
CVE-2023-23014 is assigned
Link: https://github.com/ronknight/InventorySystem
Multiple XSS vulnerabilities.
For example,
In file InventorySystem-master\application\controllers\Stores.php in update function
CVE-2023-23015 is assigned
Link: https://github.com/kalkun-sms/Kalkun
XSS vulnerability with the user name.
The username is set in the DB without sanitization in file Kalkun-devel\application\models\User_model.php
$this->db->set('username', trim($this->input->post('username')));
CVE-2023-23016 is assigned
Link: https://github.com/Wscats/cms
Many XSS vulnerabilities.
For example,
The injection is through the news title. The source is inserted in the DB, then passed from the DB to the view.
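
The store-then-render flow these entries describe, shown as an added PHP example that is not code from any of the listed projects. The `news`/`title` schema, the function names and the sample title are assumptions constructed for illustration, and an in-memory SQLite database stands in for the application's DB.

```php
<?php
// Added illustration, not code from any project listed above.
// Table/column names (news, title) are assumptions; the title is a constructed test value.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');
    return $db;
}

// Step 1 (controller/model): the request value is stored as-is.
// A bound parameter prevents SQL injection but does nothing about markup in the value.
function save_news(PDO $db, string $title): int {
    $stmt = $db->prepare('INSERT INTO news (title) VALUES (:title)');
    $stmt->execute([':title' => trim($title)]);
    return (int) $db->lastInsertId();
}

function load_title(PDO $db, int $id): string {
    $stmt = $db->prepare('SELECT title FROM news WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Step 2 (view), vulnerable: the stored value is written into HTML unchanged.
function render_unsafe(string $title): string {
    return '<h2>' . $title . '</h2>';
}

// Step 2 (view), hardened: encode for the HTML context at output time,
// so values already sitting in the DB are covered too.
function render_safe(string $title): string {
    return '<h2>' . htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h2>';
}

$db = make_db();
$id = save_news($db, '<script>alert(1)</script>'); // constructed test value
$stored = load_title($db, $id);

echo render_unsafe($stored), PHP_EOL; // markup reaches the page intact
echo render_safe($stored), PHP_EOL;   // angle brackets are encoded, rendered as text
```

Encoding in the view rather than at save time matters for second-order cases, because rows written before the fix are still rendered safely.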