51 matches found

CVE
added 2026/04/01 9:25 p.m. | 3 views

CVE-2026-34564

CVE-2026-34564 affects CI4MS, a CodeIgniter 4-based CMS skeleton. Before 0.31.0.0, the Menu Management Pages feature fails to sanitize user-controlled input, storing data server-side and rendering it without proper output encoding. This leads to stored DOM-based XSS in both administrative interfa...

CVSS 9.1 | AI score 5.7 | EPSS 0.00018
Exploits 1 | References 2 | Affected Software 1
ATTACKERKB
added 2026/04/01 9:25 p.m. | 3 views

CVE-2026-34564

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Pages to navigation menus through the Menu Manageme...

CVSS 9.1 | AI score 5.7 | EPSS 0.00018
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2026/04/01 9:23 p.m. | 16 views

CVE-2026-34562 CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several...

CVSS 4.7 | EPSS 0.0002
Exploits 1 | References 2
ATTACKERKB
added 2026/04/01 9:23 p.m. | 0 views

CVE-2026-34562

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several...

CVSS 4.7 | AI score 5.8 | EPSS 0.0002
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2026/04/01 9:21 p.m. | 16 views

CVE-2026-34560 CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged...

CVSS 9.1 | EPSS 0.00022
Exploits 1 | References 2
ATTACKERKB
added 2026/04/01 9:21 p.m. | 0 views

CVE-2026-34560

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged...

CVSS 9.1 | AI score 5.8 | EPSS 0.00022
Exploits 1 | References 3 | Affected Software 1
ATTACKERKB
added 2026/04/01 9:20 p.m. | 0 views

CVE-2026-34559

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inject a...

CVSS 9.1 | AI score 5.7 | EPSS 0.00018
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2026/04/01 9:20 p.m. | 17 views

CVE-2026-34559 CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inject a...

CVSS 9.1 | EPSS 0.00018
Exploits 1 | References 2
CVE
added 2026/04/01 9:20 p.m. | 2 views

CVE-2026-34559

CI4MS (CodeIgniter 4-based CMS skeleton) is affected prior to version 0.31.0.0. A stored cross-site scripting (XSS) flaw arises from improper sanitization when creating or editing blog tags, allowing an attacker to inject a malicious JavaScript payload in the tag name that is stored server-side a...

CVSS 9.1 | AI score 5.7 | EPSS 0.00018
Exploits 1 | References 2 | Affected Software 1
CNNVD
added 2026/04/01 12:00 a.m. | 1 views

CI4MS cross-site scripting vulnerability

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to properly clean user-controlled input when creating or editing blog tags. Attackers could inject...

CVSS 9.1 | AI score 5.7 | EPSS 0.00018
Exploits 1 | References 2
Positive Technologies
added 2026/04/01 12:00 a.m. | 1 views

PT-2026-29635

Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0. Description: CI4MS, a CodeIgniter 4-based CMS skeleton, contains a Stored Cross-Site Scripting (Stored XSS) issue in the backend user management functionality. The application does not properly sanitize...

CVSS 9.9 | AI score 6 | EPSS 0.00061
Exploits 1 | References 6
Positive Technologies
added 2026/04/01 12:00 a.m. | 1 views

PT-2026-29631

Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0. Description: CI4MS, a CodeIgniter 4-based CMS, is susceptible to stored DOM-based cross-site scripting (XSS) through the Page Management functionality. The application does not properly sanitize user-controlled...

CVSS 9.1 | AI score 6.1 | EPSS 0.0005
Exploits 1 | References 10
Positive Technologies
added 2026/04/01 12:00 a.m. | 0 views

PT-2026-29633

Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0. Description: The application does not properly sanitize user-controlled input when creating or editing blog categories. An attacker can inject a malicious JavaScript payload into the category title field, which ...

CVSS 9.9 | AI score 5.7 | EPSS 0.0005
Exploits 1 | References 9
Positive Technologies
added 2026/04/01 12:00 a.m. | 2 views

PT-2026-29636

Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0. Description: The application does not immediately revoke active user sessions when an account is deactivated. This is due to a logic flaw where account state changes are only enforced during login, not for...

CVSS 8.8 | AI score 5.9 | EPSS 0.00035
Exploits 1 | References 6
Positive Technologies
added 2026/04/01 12:00 a.m. | 1 views

PT-2026-29629

Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0. Description: The application does not properly sanitize user-controlled input when adding Pages to navigation menus through the Menu Management functionality. Page-related data selected via the Pages section is...

CVSS 9.1 | AI score 5.8 | EPSS 0.00018
Exploits 1 | References 6
Positive Technologies
added 2026/04/01 12:00 a.m. | 0 views

PT-2026-29625

Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0. Description: CI4MS is a CodeIgniter 4-based CMS skeleton. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface, leading to a stored DOM Blind XSS scenario...

CVSS 9.1 | AI score 6.2 | EPSS 0.00022
Exploits 1 | References 9
Positive Technologies
added 2026/04/01 12:00 a.m. | 1 views

PT-2026-29634

Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0. Description: The application does not immediately revoke active user sessions when an account is deleted. This is due to a logic flaw where account state changes are only enforced during login, not for existing...

CVSS 10 | AI score 5.9 | EPSS 0.00035
Exploits 1 | References 7
CNNVD
added 2026/04/01 12:00 a.m. | 1 views

CI4MS cross-site scripting vulnerability

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of user input in the backend user management function, which could lead to storage-based...

CVSS 9.9 | AI score 5.7 | EPSS 0.00061
Exploits 1 | References 2
Positive Technologies
added 2026/04/01 12:00 a.m. | 0 views

PT-2026-29626

Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0. Description: CI4MS, a CodeIgniter 4-based CMS, is susceptible to a stored Cross-site Scripting (XSS) issue within the System Settings – Social Media Management section. The application does not properly sanitize...

CVSS 4.7 | AI score 6 | EPSS 0.00069
Exploits 1 | References 6
Positive Technologies
added 2026/04/01 12:00 a.m. | 2 views

PT-2026-29624

Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0. Description: The application does not properly sanitize user-controlled input when creating or editing blog tags. An attacker can inject a malicious JavaScript payload into the tag name field, which is then stor...

CVSS 9.1 | AI score 6.1 | EPSS 0.00018
Exploits 1 | References 9