Cross Site Scripting Vulnerability in Ecommerce-CodeIgniter-Bootstrap by Kiril Kirkov
CVE-2026-14634
Key Information:
- Vendor
Kirilkirkov
- Vendor
- CVE Published:
- 4 July 2026
Badges
What is CVE-2026-14634?
A Cross Site Scripting vulnerability has been identified in the Ecommerce-CodeIgniter-Bootstrap, specifically affecting the Subscribed Emails Admin Page. The issue arises from improper handling of the User-Agent argument in the checkForPostRequests function located in application/core/MY_Controller.php. This flaw allows attackers to exploit the vulnerability remotely, with publicly accessible variants of the exploit available online. To mitigate this issue, it is crucial to apply the provided patch, 23105f25dadf57b4314fc015a63a7c6e910c89df, as version information for future updates is not disclosed due to the rolling release nature of the software.
Affected Version(s)
Ecommerce-CodeIgniter-Bootstrap 213babdbaa949e94557246414db0130e01394517
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
