CVE-2025-45406

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/advisories/GHSA-7h5r-54mm-w4pq", "name": "https://github.com/advisories/GHSA-7h5r-54mm-w4pq", "tags": [], "refsource": ""}, {"url": "https://medium.com/@talktoshweta0/when-debugging-bites-back-exposing-a-persistent-xss-in-codeigniter4-c9caf804a190", "name": "https://medium.com/@talktoshweta0/when-debugging-bites-back-exposing-a-persistent-xss-in-codeigniter4-c9caf804a190", "tags": [], "refsource": ""}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15943", "name": "https://nvd.nist.gov/vuln/detail/CVE-2020-15943", "tags": [], "refsource": ""}, {"url": "https://www.exploit-db.com/exploits/50556", "name": "https://www.exploit-db.com/exploits/50556", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbar_time parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbar_time, and because debugbar-related data is automatically escaped by the CodeIgniter Parser class."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-45406", "ASSIGNER": "cve@mitre.org"}}, "impact": {}, "publishedDate": "2025-07-25T17:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-07-29T13:15Z"}