Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1cv5-c88f-ebdt
Vulnerability ID VCID-1cv5-c88f-ebdt
Aliases GMS-2015-40
Summary XSS vulnerability There's an XSS attack vector in Security Library method `xss_clean()`.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
https://github.com/bcit-ci/CodeIgniter/commit/249580e711d42fe966e52d7bcc0f349ba99a94a3
https://github.com/bcit-ci/CodeIgniter/commit/4fbf2d1a8e2b6d33e92f3f353b05388fd3229bd7
https://github.com/bcit-ci/CodeIgniter/commit/71b1b3f5b2dcc0f4b652e9494e9853b82541ac8c
https://github.com/bcit-ci/CodeIgniter/commit/f0f47da9ae4227968ccc9ee6511bcab526498b4c
http://www.codeigniter.com/user_guide/changelog.html#version-3-0-3
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-12T15:39:17.569963+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/codeigniter/framework/GMS-2015-40.yml 38.6.0