CVE-2022-26624
MEDIUMecommerce_codeigniter_bootstrap - Cross-Site Scripting via Title Parameter
Title source: llmDescription
Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/blob/master/application/modules/vendor/views/add_product.php#L35
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/file/d/1Dp0dD9PNcwamjRi0ldD0hUOEivu48SR6/view?usp=sharing
Scores
CVSS v3
6.1
EPSS
0.0090
EPSS Percentile
55.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
ecommerce_codeigniter_bootstrap_project/ecommerce_codeigniter_bootstrap
Published
Apr 08, 2022
Tracked Since
Feb 18, 2026