Lucene search
K

515 matches found

Github Security Blog
Github Security Blog
added 2026/04/06 5:53 p.m.7 views

CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS

An attacker can acheive Full Account Takeover & Privilege Escalation via Stored DOM Blind XSS on public-facing landing pages through the System Settings Company Information section which allows the injection of XSS payloads...

9CVSS5.2AI score0.00455EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 4:49 p.m.4 views

CVE-2026-35035 CI4MS Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative...

7.2CVSS6AI score0.00455EPSS
Exploits1References1
NVD
NVD
added 2026/04/06 6:16 a.m.7 views

CVE-2026-5628

A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The manipulation of the argument webpage leads to stack-based buffer overflow. Remote exploitation of th...

9CVSS0.00663EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

CI4MS 跨站脚本漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.2.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to properly clean up user-controlled inputs in the system settings – company information section. A...

9CVSS5.6AI score0.00455EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/03 5:0 p.m.3 views

CVE-2026-5338

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function actionsetsystemsettings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...

7.2CVSS5.7AI score0.04353EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/02 10:55 p.m.7 views

CVE-2026-34561

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Social Media Management. Multiple...

8.4CVSS5.8AI score0.00229EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/02 3:31 p.m.6 views

EUVD-2026-18340

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function actionsetsystemsettings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...

5.8CVSS5.6AI score0.04353EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/02 2:0 p.m.2 views

CVE-2026-5338

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function actionsetsystemsettings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...

5.8CVSS5.6AI score0.04353EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/04/02 2:0 p.m.10 views

CVE-2026-5338

CVE-2026-5338 affects Tenda G103 1.0.0.5. The vulnerability is in the Setting Handler’s Setting System component, specifically the file system.lua and its function action_set_system_settings . Manipulating the argument lanIp leads to a remote command injection , with exploitation disclosed public...

7.2CVSS5.6AI score0.04353EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/04/01 10:16 p.m.4 views

CVE-2026-34562

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several...

9CVSS0.00274EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/01 10:3 p.m.7 views

EUVD-2026-18074

CI4MS: System Settings Company Information Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...

4.7CVSS5.8AI score0.00274EPSS
Exploits1References2
OSV
OSV
added 2026/04/01 10:3 p.m.1 views

GHSA-V897-C6VQ-6CR3 CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via System Settings – Company Information Same-Page Attribute Breakout & Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Company Information Configuration Fields with Immediate Same-Page Execution Description The application fails t...

4.7CVSS6.2AI score0.00274EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/01 10:3 p.m.3 views

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in the Company Information configuration fields within the system settings. An attacker can execute arbitrary JavaScript in...

9CVSS6AI score0.00274EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/01 10:3 p.m.5 views

CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via System Settings – Company Information Same-Page Attribute Breakout & Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Company Information Configuration Fields with Immediate Same-Page Execution Description The application fails t...

9CVSS6.2AI score0.00274EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/01 10:2 p.m.3 views

GHSA-GCFJ-CF7J-VWGJ CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via System Settings – Social Media Management Same-Page Attribute Breakout & Persistent Payload Injection - Stored Cross-site Scripting via Unsanitized Social Media Configuration Fields with Immediate Same-Page Execution Description The application fails to...

9.1CVSS6.2AI score0.00229EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/01 9:23 p.m.2 views

CVE-2026-34562 CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several...

4.7CVSS5.8AI score0.00274EPSS
Exploits1References2
CVE
CVE
added 2026/04/01 9:23 p.m.14 views

CVE-2026-34562

CI4MS (CodeIgniter 4-based CMS skeleton) prior to 0.31.0.0 suffers a stored DOM XSS vulnerability in System Settings – Company Information. Attacker-controlled inputs in fields such as Company Name, Slogan, contact details, and Google Maps/ media links are stored server-side and rendered without ...

9CVSS5.8AI score0.00274EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/01 9:23 p.m.24 views

CVE-2026-34562 CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several...

4.7CVSS0.00274EPSS
Exploits1References2
CVE
CVE
added 2026/04/01 9:23 p.m.10 views

CVE-2026-34561

Summary of CVE-2026-34561 : CI4MS (CodeIgniter 4-based CMS skeleton) before version 0.31.0.0 is vulnerable to a stored DOM XSS in System Settings → Social Media Management. Attacker-controlled input entered in fields such as Social Media and Social Media Link is stored server-side and rendered wi...

8.4CVSS5.8AI score0.00229EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.8 views

CI4MS 跨站脚本漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to properly clean up user-controlled inputs in the system settings – social media management sectio...

8.4CVSS5.6AI score0.00229EPSS
Exploits1References2
Rows per page
Query Builder