enferas

CVE-2023-23010 is assigned

Link: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap

Patch: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/d5904379ca55014c5df34c67deda982c73dc7fe5

Mutiple XSS vulnerabilities.

In file Ecommerce-CodeIgniter-Bootstrap-master\application\modules\vendor\views\add_product.php

enferas

CVE-2023-23019 is assigned

Link: https://www.sourcecodester.com/php/15441/blog-site-php-using-codeigniter-4-framework-free-source-code.html

15 XSS vulnerabilities.

For example,

the username and email will be saved in the DB in file ci4_blog\app\Controllers\Main.php

enferas

CVE-2023-23021 is assigned

Link: https://www.sourcecodester.com/php/15427/pos-point-sale-system-php-using-codeigniter-4-free-source-code.html

7 second order XSS vulnerabilities.

For example,

In file ci4_pos\app\Controllers\Main.php code,name,description, and price are extracted from $this->request->getPost() and saved in the DB.

enferas

CVE-2023-23022 is assigned

Link: https://www.sourcecodester.com/php/15430/employees-payroll-management-system-php-using-codeigniter-4-free-source-code.html

59 second order XSS vulnerabilities.

For example,

In file ci4_payroll\app\Controllers\Main.php code, title, from_date and to_date are extracted from $this->request->getPost().

enferas

CVE-2023-23011 is assigned

Link: https://github.com/InvoicePlane/InvoicePlane

Multiple XSS vulnerabilities.

Vulnerability1: In file InvoicePlane-development\application\modules\products\controllers\Ajax.php

$filter_product = $this->input->get('filter_product');

enferas

CVE-2023-23012 is assigned

Link: https://github.com/craigrodway/classroombookings

XSS vulnerability.

In file classroombookings-master\application\controllers\Weeks.php in function save_week

the input 'bgcol' will be saved in the DB and passed to the view when it will be printed without sanitization.

enferas

CVE-2023-23013 is assigned

Link: https://github.com/Devnawjesh/hr-payroll

Multiple XSS vulnerabilities.

For example,

In file hr-payroll-master\application\controllers\Logistice.php

enferas

CVE-2023-23014 is assigned

Link: https://github.com/ronknight/InventorySystem

Mutiple XSS vulnerabilities.

For example,

In file InventorySystem-master\application\controllers\Stores.php in update function

enferas

CVE-2023-23015 is assigned

Link: https://github.com/kalkun-sms/Kalkun

XSS vulnerability with the user name.

We see that the username will be setted in the DB without sanitization in file Kalkun-devel\application\models\User_model.php

$this->db->set('username', trim($this->input->post('username')));

enferas

CVE-2023-23016 is assigned

Link: https://github.com/Wscats/cms

Many XSS vulnerabilities.

For example,

The injection through the news title. The source will be inserted in the DB, then it will be passed from the DB to the view.