The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag.
References
Link | Resource |
---|---|
https://github.com/bcit-ci/CodeIgniter/issues/4020 | Issue Tracking Third Party Advisory |
https://nealpoole.com/blog/2013/07/codeigniter-21-xss-clean-filter-bypass/ | Exploit Third Party Advisory |
https://www.codeigniter.com/userguide2/changelog.html | Release Notes |
Configurations
History
No history.
Information
Published : 2018-02-21 16:29
Updated : 2024-02-04 19:46
NVD link : CVE-2013-4891
Mitre link : CVE-2013-4891
CVE.ORG link : CVE-2013-4891
JSON object : View
Products Affected
codeigniter
- codeigniter
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')