FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

codeigniter -- multiple vulnerabilities

Affected packages
codeigniter < 2.2.6


VuXML ID 698403a7-803d-11e5-ab94-002590263bf5
Discovery 2015-10-31
Entry 2015-11-01

The CodeIgniter changelog reports:

Fixed an XSS attack vector in Security Library method xss_clean().

Changed Config Library method base_url() to fallback to ``$_SERVER['SERVER_ADDR']`` in order to avoid Host header injections.

Changed CAPTCHA Helper to try to use the operating system's PRNG first.


FreeBSD PR ports/203403