Skip to main content

Ecommerce Codeigniter Bootstrap CVE-2024-6526

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-07-05 cna@vuldb.com
5.3
CVSS 4.0 · Vendor: vuldb
Share

Severity by source

Vendor (vuldb) PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (vuldb) · only source for this CVE.

CVSS VectorVendor: vuldb

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Jul 05, 2024 - 14:15 cve.org
MEDIUM 5.3

DescriptionCVE.org

A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. This affects an unknown part. The manipulation of the argument search_title/catName/sub/name/categorie leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 1b3da45308bb6c3f55247d0e99620b600bd85277. It is recommended to apply a patch to fix this issue. The identifier VDB-270369 was assigned to this vulnerability.

AnalysisAI

A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. This affects an unknown part. The manipulation of the argument search_title/catName/sub/name/categorie leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 1b3da45308bb6c3f55247d0e99620b600bd85277. It is recommended to apply a patch to fix this issue. The identifier VDB-270369 was assigned to this vulnerability. Affected products include: Ecommerce-Codeigniter-Bootstrap Project Ecommerce-Codeigniter-Bootstrap. Version information: up to 1998845073.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-31822 CRITICAL POC
9.8 Apr 29

An issue in Ecommerce-CodeIgniter-Bootstrap commit v. Rated critical severity (CVSS 9.8), this vulnerability is remotely

CVE-2024-31820 CRITICAL POC
9.8 Apr 29

An issue in Ecommerce-CodeIgniter-Bootstrap commit v. Rated critical severity (CVSS 9.8), this vulnerability is remotely

CVE-2024-31823 HIGH POC
8.8 Apr 29

An issue in Ecommerce-CodeIgniter-Bootstrap commit v. Rated high severity (CVSS 8.8), this vulnerability is remotely exp

CVE-2024-31821 HIGH POC
8.0 Apr 29

SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. Rated high severity (CVSS 8.0), this vulnerabil

CVE-2026-14637 HIGH POC
7.8 Jul 04

PHP object injection in kirilkirkov's Ecommerce-CodeIgniter-Bootstrap allows remote unauthenticated attackers to pass at

CVE-2023-23010 MEDIUM POC
6.1 Jan 20

Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c

CVE-2022-35213 MEDIUM POC
6.1 Aug 18

Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerabilit

CVE-2022-26624 MEDIUM POC
6.1 Apr 08

Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title paramete

CVE-2021-40975 MEDIUM POC
6.1 Oct 01

Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgni

CVE-2026-14635 MEDIUM POC
5.5 Jul 04

Path traversal in kirilkirkov's Ecommerce-CodeIgniter-Bootstrap exposes server-side files and upload directories to mani

CVE-2026-14634 LOW POC
2.1 Jul 04

Reflected/stored cross-site scripting in the Subscribed Emails Admin Page of kirilkirkov's Ecommerce-CodeIgniter-Bootstr

CVE-2026-14632 LOW POC
2.1 Jul 04

Open redirect in kirilkirkov Ecommerce-CodeIgniter-Bootstrap allows remote attackers to manipulate the href argument of

Share

CVE-2024-6526 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy