CVE-2025-45406 Information

Description

A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbar_time parameter.

Reference

https://github.com/advisories/GHSA-7h5r-54mm-w4pq https://medium.com/@talktoshweta0/when-debugging-bites-back-exposing-a-persistent-xss-in-codeigniter4-c9caf804a190 https://nvd.nist.gov/vuln/detail/CVE-2020-15943 https://www.exploit-db.com/exploits/50556

Related CNNVD

CNNVD-202507-3327 (Published: 2025-07-25)