CVE-2026-34568 CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a...

CVE-2026-34568

CVE-2026-34568 affects CI4MS, a CodeIgniter 4–based CMS skeleton. The root cause is improper sanitization of user-controlled input when creating or editing blog posts, allowing a stored JavaScript payload in blog content. The payload is stored server-side and later rendered in multiple views with...

CVE-2026-34567 CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts within the Categories...

CVE-2026-34567

CI4MS (CodeIgniter 4-based CMS skeleton) prior to 0.31.0.0 is vulnerable to stored XSS in the Categories section of blog posts due to insufficient input sanitization. An attacker can inject JavaScript into Categories content, which is stored server-side and rendered unsafely when viewing blog pos...

CVE-2026-34559 CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inject a...

CVE-2026-34559

CI4MS (CodeIgniter 4-based CMS skeleton) is affected prior to version 0.31.0.0. A stored cross-site scripting (XSS) flaw arises from improper sanitization when creating or editing blog tags, allowing an attacker to inject a malicious JavaScript payload in the tag name that is stored server-side a...

CVE-2026-30879

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a cross-site scripting vulnerability in blog posts. This issue has been patched in version 5.2.3...

CVE-2026-27697

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...

Digital Transformation in Africa: Security, Scale, and Control

...

PT-2026-29632

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.0.0 Description The application does not properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a malicious JavaScript payload into blog post content, which is then stor...

CI4MS 安全漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the failure to immediately terminate active user sessions after accounts were disabled, potentially allowing persistent...

CI4MS 跨站脚本漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability occurred due to improper handling of user input when creating or editing blog articles, which could lead to storage-based...

CI4MS 跨站脚本漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to properly clean user-controlled input when creating or editing blog tags. Attackers could inject...

CI4MS 跨站脚本漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability occurred due to improper handling of user input when creating or editing blog categories, which could lead to storage-based...

CI4MS 跨站脚本漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleanup of user inputs when creating or editing pages within the page management functionality, which...

CI4MS 跨站脚本漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of user input when creating or editing blog articles in the category section, which could lea...

PT-2026-29633

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.0.0 Description The application does not properly sanitize user-controlled input when creating or editing blog categories. An attacker can inject a malicious JavaScript payload into the category title field, which ...

EUVD-2026-17263

baserCMS has a cross-site scripting vulnerability in blog posts...

baserCMS has a cross-site scripting vulnerability in blog posts

baserCMS has a cross-site scripting vulnerability in blog posts. Target baserCMS 5.2.1 and earlier versions Vulnerability Malicious Javascript may be executed in blog posts. Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more...

GHSA-JMQ3-X8Q7-J9QM baserCMS has a cross-site scripting vulnerability in blog posts

baserCMS has a cross-site scripting vulnerability in blog posts. Target baserCMS 5.2.1 and earlier versions Vulnerability Malicious Javascript may be executed in blog posts. Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more...