Vulnerabilities > Codeigniter > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-24 | CVE-2023-48707 | Cleartext Storage of Sensitive Information vulnerability in Codeigniter Shield 1.0.0 CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. | 6.5 |
| 2023-11-24 | CVE-2023-48708 | Information Exposure Through Log Files vulnerability in Codeigniter Shield 1.0.0 CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. | 6.5 |
| 2023-03-13 | CVE-2023-27580 | Use of Password Hash With Insufficient Computational Effort vulnerability in Codeigniter Shield 1.0.0 CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. | 5.9 |
| 2022-10-06 | CVE-2022-39284 | Incorrect Permission Assignment for Critical Resource vulnerability in Codeigniter CodeIgniter is a PHP full-stack web framework. | 4.3 |
| 2022-02-28 | CVE-2022-24712 | Cross-Site Request Forgery (CSRF) vulnerability in Codeigniter CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. | 6.8 |
| 2022-01-24 | CVE-2022-21715 | Cross-site Scripting vulnerability in Codeigniter CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. | 4.3 |
| 2020-01-09 | CVE-2012-1915 | Cross-site Scripting vulnerability in Codeigniter EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks. | 4.3 |
| 2018-02-21 | CVE-2013-4891 | Cross-site Scripting vulnerability in Codeigniter The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag. | 4.3 |
| 2017-11-17 | CVE-2017-1000247 | Improper Input Validation vulnerability in Codeigniter 3.1.3 British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws. | 5.0 |
| 2017-09-19 | CVE-2014-8686 | Cryptographic Issues vulnerability in Codeigniter CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available. | 5.0 |