CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

EUVD•added 2026/04/01 12:9 a.m.•2 views

EUVD-2026-17214

CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...

9.1CVSS5.8AI score0.00021EPSS

Exploits1References2

OSV•added 2026/04/01 12:9 a.m.•2 views

GHSA-V77R-XG3P-75G7 CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Methods Management Fields Global Persistent Payload Execution - Stored Cross-Site Scripting via Unsanitized Method Creation and Management Inputs - Automatic Execution Across All Pages Where Method Is Rendered in Navigation Description The application fai...

9.1CVSS6.3AI score0.00021EPSS

Exploits1References3

Github Security Blog•added 2026/04/01 12:9 a.m.•2 views

CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

9.1CVSS6.3AI score0.00021EPSS

Exploits1References3Affected Software1

RedhatCVE•added 2026/03/31 10:58 p.m.•3 views

CVE-2026-34558

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Methods Management functionality when creating or...

9.1CVSS5.8AI score0.00021EPSS

Exploits1References1

NVD•added 2026/03/30 9:17 p.m.•1 views

CVE-2026-34558

9.1CVSS0.00021EPSS

Exploits1References1

CVE•added 2026/03/30 8:24 p.m.•4 views

CVE-2026-34558

CI4MS is a CodeIgniter 4-based CMS skeleton. Affected versions prior to 0.31.0.0 expose stored DOM-based XSS via the Methods Management functionality where attacker-controlled input is stored server-side and later rendered in admin interfaces and global navigation without proper encoding. The roo...

9.1CVSS5.8AI score0.00021EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/03/30 8:24 p.m.•1 views

CVE-2026-34558 CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

9.1CVSS5.8AI score0.00021EPSS

Exploits1References1

OSV•added 2026/03/30 8:24 p.m.•2 views

CVE-2026-34558 CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

9.1CVSS5.8AI score0.00021EPSS

Exploits1References3

Cvelist•added 2026/03/30 8:24 p.m.•17 views

CVE-2026-34558 CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

9.1CVSS0.00021EPSS

Exploits1References1

ATTACKERKB•added 2026/03/30 8:24 p.m.•1 views

CVE-2026-34558

9.1CVSS5.8AI score0.00021EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2026/03/30 12:0 a.m.•1 views

PT-2026-29128

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.0.0 Description CI4MS is a CodeIgniter 4-based CMS skeleton providing a modular architecture with RBAC authorization and theme support. The application does not properly sanitize user-controlled input within the...

9.1CVSS5.9AI score0.00021EPSS

Exploits1References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by