Closed enferas closed 1 year ago
@enferas Thank you, I have fixed the mentioned vulnerabilities with this commit: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/d5904379ca55014c5df34c67deda982c73dc7fe5
You can make a pull request with fixes, then I will check them and merge if you want.
Thank you for your response.
Here is the pull request https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/pull/243
I would like to report possible XSS vulnerabilities.
In file Ecommerce-CodeIgniter-Bootstrap-master\application\modules\vendor\views\add_product.php
$languages and $trans_load are loaded from the DB and not sanitized.
In file Ecommerce-CodeIgniter-Bootstrap-master\application\modules\vendor\controllers\AddProduct.php
In file Ecommerce-CodeIgniter-Bootstrap-master\application\modules\admin\models\Languages_model.php
The setLanguage method is called in file Ecommerce-CodeIgniter-Bootstrap-master\application\modules\admin\controllers\advanced_settings\Languages.php
There are other similar vulnerabilities that I can provide if you confirm my report.
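The pattern the report describes, database values reaching a view without output escaping, shown as an added example; it is not code from the repository or from either participant. The row shape (`abbr`, `name`), the layout of `$trans_load`, and the helper and function names are assumptions made for illustration, and the sample rows are constructed.

```php
<?php
// Added example, not the project's code. Field names and array layout are assumed.

// Constructed rows standing in for values read from the database.
$languages = [
    ['abbr' => 'en', 'name' => 'english'],
    ['abbr' => 'bg', 'name' => '<b>bulgarian</b>'],   // markup stored in a DB field
];
$trans_load = [
    'en' => ['title' => 'Blue shirt'],
    'bg' => ['title' => 'x" data-injected="1'],      // quote breaks out of the attribute
];

// Escape a value for HTML text and for quoted attribute values (hypothetical helper).
function e(?string $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: database values are concatenated into markup as-is.
function render_unsafe(array $languages, array $trans_load): string
{
    $html = '';
    foreach ($languages as $lang) {
        $title = $trans_load[$lang['abbr']]['title'] ?? '';
        $html .= '<label>' . $lang['name'] . '</label>'
               . '<input name="title[' . $lang['abbr'] . ']" value="' . $title . '">' . "\n";
    }
    return $html;
}

// Hardened pattern: every database value is escaped at the point of output.
function render_safe(array $languages, array $trans_load): string
{
    $html = '';
    foreach ($languages as $lang) {
        $title = $trans_load[$lang['abbr']]['title'] ?? '';
        $html .= '<label>' . e($lang['name']) . '</label>'
               . '<input name="title[' . e($lang['abbr']) . ']" value="' . e($title) . '">' . "\n";
    }
    return $html;
}

// Compare the two outputs: only the unsafe one contains a live <b> element
// and an extra data-injected attribute on the input.
echo render_unsafe($languages, $trans_load), "\n", render_safe($languages, $trans_load);
```

Escaping at output covers values already stored in the database, which validation added only to the write path (such as the `setLanguage` method named in the report) would not.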