Cross Site Scripting Vulnerability in Ecommerce-CodeIgniter-Bootstrap by kirilkirkov
CVE-2026-14633
Key Information:
- Vendor
Kirilkirkov
- Vendor
- CVE Published:
- 4 July 2026
Badges
What is CVE-2026-14633?
A cross site scripting vulnerability exists in the Ecommerce-CodeIgniter-Bootstrap due to improper validation of user-supplied input in the Hidden REST API Endpoint. The flaw can be exploited remotely, leading to potential unauthorized script execution in users' browsers. A patch has been issued to fix this issue, and it's advisable for users to apply the aforementioned patch to secure their systems from exploitation.
Affected Version(s)
Ecommerce-CodeIgniter-Bootstrap 49b20f53de2b7ec34e920b11c863f1491d911a04
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
