16 matches found
CVE-2026-34571
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fail...
CVE-2026-34571
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fail...
Cross-site Scripting (XSS)
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS in the backend user management process. An attacker can execute arbitrary JavaScript code in the context of authenticated backend users by injecti...
GHSA-FC4P-P49V-R948 CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise
Summary A critical Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fails to properly sanitize user-controlled input before rendering it in the administrative interface, allowing attackers to inject persistent JavaScript cod...
EUVD-2026-18088
CI4MS: Stored Cross‑Site Scripting Stored XSS in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise...
CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise
Summary A critical Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fails to properly sanitize user-controlled input before rendering it in the administrative interface, allowing attackers to inject persistent JavaScript cod...
CVE-2026-34571
CI4MS is a CodeIgniter 4-based CMS skeleton. Before version 0.31.0.0, a Stored XSS vulnerability exists in the backend user management functionality due to inadequate input sanitization when rendering in the admin interface. This enables persistent JavaScript execution, leading to potential sessi...
CVE-2026-34571 CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fail...
CVE-2026-34571 CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fail...
PT-2026-29635
Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0 Description: CI4MS, a CodeIgniter 4-based CMS skeleton, contains a Stored Cross-Site Scripting Stored XSS issue in the backend user management functionality. The application does not properly sanitize...
GHSA-3JRG-97F3-RQH9 TYPO3 Unverified Password Change for Backend Users
Problem The backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification. This behavior may lower th...
TYPO3 Unverified Password Change for Backend Users
Problem The backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification. This behavior may lower th...
Unverified Password Change
Overview typo3/cms-setup is an Allows users to edit a limited set of options for their user profile, including preferred language, their name and email address. Affected versions of this package are vulnerable to Unverified Password Change through the backend user management interface. An attacke...
CVE-2025-47938 TYPO3 Vulnerable to Unverified Password Change for Backend Users
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password changes without requiring the current password. When an...
CVE-2025-47938 TYPO3 Vulnerable to Unverified Password Change for Backend Users
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password changes without requiring the current password. When an...
TYPO3 安全漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 that stems from a backend user management interface that allows passwords to be changed without validating the current password. The following...