9 matches found
CVE-2026-34559
CI4MS (CodeIgniter 4-based CMS skeleton) is affected prior to version 0.31.0.0. A stored cross-site scripting (XSS) flaw arises from improper sanitization when creating or editing blog tags, allowing an attacker to inject a malicious JavaScript payload in the tag name that is stored server-side a...
CVE-2026-34559 CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inject a...
CI4MS 跨站脚本漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to properly clean user-controlled input when creating or editing blog tags. Attackers could inject...
CVE-2025-65956 Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags
Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
EUVD-2025-199018
Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
CVE-2025-65956
Summary: CVE-2025-65956 affects Formwork CMS (flat-file CMS) prior to version 2.2.0. The vulnerability is a stored cross-site scripting (XSS) in the blog tag field; unsanitized input inserted into the tag field can execute attacker-controlled scripts in the browser of any privileged user (adminis...
PT-2025-48034
Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
GHSA-7J46-F57W-76PJ Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags
Summary Inserting unsanitized data into the blog tag field in Formwork CMS results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. Because the issue is...
Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags
Summary Inserting unsanitized data into the blog tag field in Formwork CMS results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. Because the issue is...