I would like to report possible XSS vulnerabilities.
In file Ecommerce-CodeIgniter-Bootstrap-master\application\modules\vendor\views\add_product.php:

```php
<?php foreach ($languages as $language) { ?>
    <button type="button" data-locale-change="<?= $language->abbr ?>" class="btn btn-default locale-change text-uppercase <?= $language->abbr == MY_DEFAULT_LANGUAGE_ABBR ? 'active' : '' ?>">
        <img src="<?= base_url('attachments/lang_flags/' . $language->flag) ?>" alt=""> <?= $language->abbr ?>
    </button>
<?php } ?>
</div>
<?php $i = 0; foreach ($languages as $language) { ?>
    <div class="locale-container locale-container-<?= $language->abbr ?>" <?= $language->abbr == MY_DEFAULT_LANGUAGE_ABBR ? 'style="display:block;"' : '' ?>>
        <input type="hidden" name="translations[]" value="<?= $language->abbr ?>">
        <div class="form-group">
            <img src="<?= base_url('attachments/lang_flags/' . $language->flag) ?>" alt="<?= $language->name ?>" class="language">
            <input type="text" name="title[]" placeholder="<?= lang('vendor_product_name') ?>" value="<?= $trans_load != null && isset($trans_load[$language->abbr]['title']) ? $trans_load[$language->abbr]['title'] : '' ?>" class="form-control">
        </div>
        <label><?= lang('vendor_product_description') ?> <img src="<?= base_url('attachments/lang_flags/' . $language->flag) ?>" alt="<?= $language->name ?>"></label>
        //...
```
$languages and $trans_load are loaded from the DB and not sanitized.
In file Ecommerce-CodeIgniter-Bootstrap-master\application\modules\vendor\controllers\AddProduct.php:

```php
$data['languages'] = $this->Languages_model->getLanguages();
//...
$this->load->view('add_product', $data);
```
In file Ecommerce-CodeIgniter-Bootstrap-master\application\modules\admin\models\Languages_model.php:

```php
public function getLanguages()
{
    $query = $this->db->query('SELECT * FROM languages');
    return $query->result();
}

public function setLanguage($post)
{
    $post['name'] = strtolower($post['name']);
    $post['abbr'] = strtolower($post['abbr']);
    if (!$this->db->insert('languages', $post)) {
        log_message('error', print_r($this->db->error(), true));
        show_error(lang('database_error'));
    }
}
```
The setLanguage method is called in file Ecommerce-CodeIgniter-Bootstrap-master\application\modules\admin\controllers\advanced_settings\Languages.php:

```php
$this->Languages_model->setLanguage($_POST);
```
There are other similar vulnerabilities that I can provide if you confirm my report.
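The stored XSS path described in the report, as an added example (this is not code from the Ecommerce-CodeIgniter-Bootstrap project or from the reporter): a value saved through `setLanguage()` is rendered by the `add_product.php` pattern once unescaped and once through an `html_escape()`-style call, and a small DOM check shows which rendering introduces extra elements or `on*` handlers. The functions `render_language_button_vulnerable`, `render_language_button_safe`, `ci_html_escape` and `injected_nodes`, the parameters `$defaultAbbr` and `$baseUrl` (standing in for `MY_DEFAULT_LANGUAGE_ABBR` and `base_url()`), and the sample rows are all constructed for the example.

```php
<?php
// Added example, not code from the project or the issue reporter. Reproduces the
// unescaped output pattern of add_product.php beside an escaped rendering.
declare(strict_types=1);

// Stand-in for CodeIgniter 3's html_escape() helper so this runs without the
// framework; like the helper it relies on htmlspecialchars() with ENT_QUOTES.
function ci_html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Mirrors the view: $language->abbr and $language->flag land in attribute values
// and a text node without escaping. $defaultAbbr and $baseUrl are hypothetical
// stand-ins for MY_DEFAULT_LANGUAGE_ABBR and base_url().
function render_language_button_vulnerable(object $language, string $defaultAbbr, string $baseUrl): string
{
    $active = $language->abbr == $defaultAbbr ? 'active' : '';
    return '<button type="button" data-locale-change="' . $language->abbr . '"'
         . ' class="btn btn-default locale-change text-uppercase ' . $active . '">'
         . '<img src="' . $baseUrl . 'attachments/lang_flags/' . $language->flag . '" alt=""> '
         . $language->abbr . '</button>';
}

// Hardened variant: every database-sourced value is escaped for the HTML context
// it lands in. All attributes stay double-quoted, so ENT_QUOTES escaping covers
// both the attribute values and the text node.
function render_language_button_safe(object $language, string $defaultAbbr, string $baseUrl): string
{
    $abbr   = ci_html_escape($language->abbr);
    $flag   = ci_html_escape($language->flag);
    $active = $language->abbr === $defaultAbbr ? 'active' : '';
    return '<button type="button" data-locale-change="' . $abbr . '"'
         . ' class="btn btn-default locale-change text-uppercase ' . $active . '">'
         . '<img src="' . ci_html_escape($baseUrl . 'attachments/lang_flags/') . $flag . '" alt=""> '
         . $abbr . '</button>';
}

// Parses the fragment the way a browser would and reports anything the template
// itself does not emit: more than one <img>, a second <button>, or any on* handler.
function injected_nodes(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();

    $findings = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        foreach ($el->attributes as $attr) {
            if (stripos($attr->name, 'on') === 0) {
                $findings[] = '<' . $el->tagName . '> carries event handler ' . $attr->name;
            }
        }
    }
    if ($doc->getElementsByTagName('img')->length > 1) {
        $findings[] = 'more than one <img> element';
    }
    if ($doc->getElementsByTagName('button')->length !== 1) {
        $findings[] = 'unexpected number of <button> elements';
    }
    return $findings;
}

// Constructed sample rows shaped like rows from `SELECT * FROM languages`. The
// second row is what setLanguage() would store for a hostile admin POST:
// strtolower() is applied to abbr, but lowercasing does not neutralize markup.
$rows = [
    (object) ['abbr' => 'en', 'flag' => 'en.png', 'name' => 'english'],
    (object) [
        'abbr' => strtolower('"><img src=x onerror=alert(1)>'),
        'flag' => 'x.png" onerror="alert(2)',
        'name' => strtolower('evil'),
    ],
];

foreach ($rows as $row) {
    foreach (['vulnerable' => 'render_language_button_vulnerable',
              'safe'       => 'render_language_button_safe'] as $label => $fn) {
        $html     = $fn($row, 'en', 'https://shop.example/');
        $findings = injected_nodes($html);
        printf("%-10s row=%s\n  %s\n  findings: %s\n\n", $label, $row->name, $html,
               $findings ? implode('; ', $findings) : 'none');
    }
}
```

Run it with `php example.php`. For the `evil` row the vulnerable renderer produces a fragment with a second `<img>` and `onerror` handlers, while the escaped renderer yields no findings; the `en` row renders identically in both, which is the property a regression test should assert on after a fix like this is applied across the view.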
@enferas Thank you, I have fixed the mentioned vulnerabilities with this commit - d590437
You can make a pull request with fixes, then I will check them and merge if you want.
Thank you for your response.
Here is the pull request #243