#VU30451 Cross-site scripting in CodeIgniter - CVE-2012-1915
Vulnerability identifier: #VU30451
Vulnerability risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/U:Clear]
CVE-ID:
CWE-ID:
CWE-79
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
CodeIgniter
Server applications /
Web servers
Vendor: CodeIgniter
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks.
Mitigation
Install update from vendor's website.
Vulnerable software versions
CodeIgniter: 2.1.0 - 2.1.1
External links
https://www.securityfocus.com/bid/54620
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
