Packagist (Composer) package
tastyigniter/tastyigniter
pkg:composer/tastyigniter/tastyigniter
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-61417 | — | | | <= 3.7.7 | — | Oct 20, 2025 | Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing |
| CVE-2024-44314 | — | | | < 4.0.0 | 4.0.0 | Mar 18, 2025 | TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify if the user has permission |
| CVE-2024-44313 | — | | | < 4.0.0 | 4.0.0 | Mar 18, 2025 | TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks. |
| CVE-2022-0602 | — | | | < 3.3.0 | 3.3.0 | Apr 5, 2022 | Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0. |