515 matches found
CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS
An attacker can acheive Full Account Takeover & Privilege Escalation via Stored DOM Blind XSS on public-facing landing pages through the System Settings Company Information section which allows the injection of XSS payloads...
CVE-2026-35035 CI4MS Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative...
CVE-2026-5628
A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The manipulation of the argument webpage leads to stack-based buffer overflow. Remote exploitation of th...
CI4MS 跨站脚本漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.2.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to properly clean up user-controlled inputs in the system settings – company information section. A...
CVE-2026-5338
A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function actionsetsystemsettings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...
CVE-2026-34561
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Social Media Management. Multiple...
EUVD-2026-18340
A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function actionsetsystemsettings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...
CVE-2026-5338
A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function actionsetsystemsettings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...
CVE-2026-5338
CVE-2026-5338 affects Tenda G103 1.0.0.5. The vulnerability is in the Setting Handler’s Setting System component, specifically the file system.lua and its function action_set_system_settings . Manipulating the argument lanIp leads to a remote command injection , with exploitation disclosed public...
CVE-2026-34562
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several...
EUVD-2026-18074
CI4MS: System Settings Company Information Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...
GHSA-V897-C6VQ-6CR3 CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via System Settings – Company Information Same-Page Attribute Breakout & Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Company Information Configuration Fields with Immediate Same-Page Execution Description The application fails t...
Cross-site Scripting (XSS)
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in the Company Information configuration fields within the system settings. An attacker can execute arbitrary JavaScript in...
CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via System Settings – Company Information Same-Page Attribute Breakout & Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Company Information Configuration Fields with Immediate Same-Page Execution Description The application fails t...
GHSA-GCFJ-CF7J-VWGJ CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via System Settings – Social Media Management Same-Page Attribute Breakout & Persistent Payload Injection - Stored Cross-site Scripting via Unsanitized Social Media Configuration Fields with Immediate Same-Page Execution Description The application fails to...
CVE-2026-34562 CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several...
CVE-2026-34562
CI4MS (CodeIgniter 4-based CMS skeleton) prior to 0.31.0.0 suffers a stored DOM XSS vulnerability in System Settings – Company Information. Attacker-controlled inputs in fields such as Company Name, Slogan, contact details, and Google Maps/ media links are stored server-side and rendered without ...
CVE-2026-34562 CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several...
CVE-2026-34561
Summary of CVE-2026-34561 : CI4MS (CodeIgniter 4-based CMS skeleton) before version 0.31.0.0 is vulnerable to a stored DOM XSS in System Settings → Social Media Management. Attacker-controlled input entered in fields such as Social Media and Social Media Link is stored server-side and rendered wi...
CI4MS 跨站脚本漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to properly clean up user-controlled inputs in the system settings – social media management sectio...