enferas

CVE-2023-23018 is assigned

Link: https://github.com/amirsanni/Mini-Inventory-and-Sales-Management-System

Multiple XSS vulnerabilities.

For example,

In file Mini-Inventory-and-Sales-Management-System-master\application\views\email\memberupdate.php

enferas

CVE-2023-23017 is assigned

Link: https://github.com/MUlt1mate/cron-manager

XSS vulnerability with date_begin and date_end.

In file cron-manager-master\examples\codeigniter\application\controllers\TasksController.php

public function tasksReport()

enferas

Link: https://github.com/RamonSilva20/mapos

Multiple XSS vulnerabilities.

For example,

'telefone' is saved in the DB, then it is retrieved and printed in the view.

In file mapos-master\application\controllers\Clientes.php

enferas

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41938

In file extensions\tags\src\Content\Tag.php

public function __invoke(Document $document, Request $request){
    //...
    $tag = $this->tags->findOrFail($tagId, $actor);
    //...

enferas

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27371

In AuditLogController in Controllers\Settings\AuditLogController.php

class AuditLogController extends Controller
{
    /**
     * Display the page listing all the audit logs.
     */
    public function index()

enferas

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15489

<input type="text" name="q" class="form-control" placeholder="Search..." value="{!! request()->input('q') !!}">

The sanitization

<input type="text" name="q" class="form-control" placeholder="Search..." value="{{ request()->input('q') }}">

enferas

References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20962

In the controller Controllers/CrudController.php

public function show($id){
    //...
    // set columns from db
    $this->crud->setFromDb();
    //..
    // get the info for that entry

enferas

CVE-2023-23023 is assigned

Link: https://www.sourcecodester.com/php-ci-laundry-management-system-source-code

163 XSS vulnerabilities in this project.

The sources will be saved from the database, then they will pass to the view files.

For example,

enferas

CVE-2023-23025 is asigned

Link: https://www.sourcecodester.com/php-codeigniter-hotel-management-system-source-code

22 XSS vulnerabilities in this project.

Sources will be saved in the database, then it will be printed without sanitization in the view files.

For example,

enferas

CVE-2023-23024 is assigned

Link: https://www.sourcecodester.com/php/15748/book-store-management-system-project-using-php-codeigniter-3-free-source-code.html

50 XSS vulnerabilities.

Different sources that saved in the database in this project.

For example: