XSS Vulnerability in Ecommerce-CodeIgniter-Bootstrap Affecting Multiple Templates
CVE-2020-25093

6.1MEDIUM

Key Information:

Vendor: Ecommerce-codeigniter-bootstrap Project
Status: Ecommerce-codeigniter-bootstrap
Vendor: CVE Published:; 3 September 2020

🔔 Create Ecommerce-codeigniter-bootstrap Project Vulnerability Alert

What is CVE-2020-25093?

A vulnerability in Ecommerce-CodeIgniter-Bootstrap before August 3, 2020, allows for Cross-Site Scripting (XSS) attacks through improper input validation in the blog.php file. This flaw affects templates within application/views/templates, including clothesshop, onepage, and redlabel. Attackers can exploit this vulnerability to inject malicious scripts, potentially compromising user data and the integrity of the application.

References

https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Boot...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2020
Vulnerability Reserved
Sep 3, 2020