4 matches found
EUVD-2026-20484
CI4MS has stored XSS via Unescaped Blacklist Note in Admin User List...
CVE-2026-39391 CI4MS has Stored XSS via Unescaped Blacklist Note in Admin User List
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the blacklist ban note parameter in UserController::ajaxblackListpost is stored in the database without sanitization and rendered into a...
CVE-2026-39391
CVE-2026-39391 affects CI4MS, a CodeIgniter 4-based CMS skeleton. Before 0.31.4.0, the blacklist (ban) note parameter stored in the database was rendered into an HTML data-note attribute without escaping, enabling a stored XSS when an admin with blacklist privileges views the user management page...
PT-2026-31318
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the blacklist ban note parameter in UserController::ajaxblackListpost is stored in the database without sanitization and rendered into...