Moderate severityNVD Advisory· Published Jan 24, 2022· Updated Apr 23, 2025
Cross-site Scripting Vulnerability in CodeIgniter4
CVE-2022-21715
Description
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A cross-site scripting (XSS) vulnerability was found in API\ResponseTrait in Codeigniter4 prior to version 4.1.8. Attackers can do XSS attacks if a potential victim is using API\ResponseTrait. Version 4.1.8 contains a patch for this vulnerability. There are two potential workarounds available. Users may avoid using API\ResponseTrait or ResourceController Users may also disable Auto Route and use defined routes only.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
codeigniter4/frameworkPackagist | < 4.1.8 | 4.1.8 |
Affected products
3- osv-coords2 versions
>= 4.0.0, < 4.1.8+ 1 more
- (no CPE)range: >= 4.0.0, < 4.1.8
- (no CPE)range: < 4.1.8
- Range: < 4.1.8
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-7528-7jg5-6g62ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-21715ghsaADVISORY
- codeigniter4.github.io/userguide/incoming/routing.htmlghsax_refsource_MISCWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/codeigniter4/framework/CVE-2022-21715.yamlghsaWEB
- github.com/codeigniter4/CodeIgniter4/commit/70d881cf5322b7c32e69516aebd2273ac6a1e8ddghsax_refsource_MISCWEB
- github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-7528-7jg5-6g62ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.