mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-16 20:27:21 +00:00
767 B
767 B
CVE-2013-4891
Description
The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag.
POC
Reference
- https://github.com/bcit-ci/CodeIgniter/issues/4020
- https://nealpoole.com/blog/2013/07/codeigniter-21-xss-clean-filter-bypass/