
Snyk
added 2026/04/03 4:00 a.m.

Improper Privilege Management

Overview: ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms. Affected versions of this package are vulnerable to Improper Privilege Management via the profile name update process. An attacker can execute arbitrary JavaScript in the browsers of users, including administrators, by...

CVSS 9.9, AI score 6.1, EPSS 0.00297
Exploits 1, References 3
RedhatCVE
added 2026/04/02 10:55 p.m.

CVE-2026-34570

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deleted. Due to a logic flaw in the backend...

CVSS 8.8, AI score 5.8, EPSS 0.00502
Exploits 1, References 1
RedhatCVE
added 2026/04/02 10:54 p.m.

CVE-2026-34560

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged...

CVSS 9.1, AI score 5.8, EPSS 0.0038
Exploits 1, References 1
NVD
added 2026/04/01 10:16 p.m.

CVE-2026-34571

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting (Stored XSS) vulnerability exists in the backend user management functionality. The application fail...

CVSS 9.9, EPSS 0.00393
Exploits 1, References 2
NVD
added 2026/04/01 10:16 p.m.

CVE-2026-34569

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog categories. An attacker can injec...

CVSS 9.9, EPSS 0.00324
Exploits 1, References 2
NVD
added 2026/04/01 10:16 p.m.

CVE-2026-34568

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a...

CVSS 9.1, EPSS 0.00317
Exploits 1, References 2
NVD
added 2026/04/01 10:16 p.m.

CVE-2026-34560

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged...

CVSS 9.1, EPSS 0.0038
Exploits 1, References 2
NVD
added 2026/04/01 10:16 p.m.

CVE-2026-34563

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when handling backup uploads and processing backup metadata. An...

CVSS 9.1, EPSS 0.00269
Exploits 1, References 2
Snyk
added 2026/04/01 10:09 p.m.

Incorrect Comparison Logic Granularity

Overview: ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms. Affected versions of this package are vulnerable to Incorrect Comparison Logic Granularity in the session management process. An attacker can retain full access to protected resources and perform privileged actions by...

CVSS 8.8, AI score 5.9, EPSS 0.00502
Exploits 1, References 4
EUVD
added 2026/04/01 10:08 p.m.

EUVD-2026-18086

CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation Logic Flaw...

CVSS 10, AI score 5.8, EPSS 0.00502
Exploits 1, References 2
Snyk
added 2026/04/01 10:08 p.m.

Incorrect Comparison Logic Granularity

Overview: ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms. Affected versions of this package are vulnerable to Incorrect Comparison Logic Granularity due to improper session invalidation in the account deletion process. An attacker can maintain persistent access to protected...

CVSS 8.8, AI score 5.8, EPSS 0.00502
Exploits 1, References 4
EUVD
added 2026/04/01 10:07 p.m.

EUVD-2026-18084

CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...

CVSS 9.9, AI score 5.8, EPSS 0.00324
Exploits 1, References 2
EUVD
added 2026/04/01 10:07 p.m.

EUVD-2026-18082

CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...

CVSS 9.1, AI score 5.8, EPSS 0.00317
Exploits 1, References 2
EUVD
added 2026/04/01 10:06 p.m.

EUVD-2026-18080

CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...

CVSS 9.1, AI score 5.8, EPSS 0.00269
Exploits 1, References 2
EUVD
added 2026/04/01 10:05 p.m.

EUVD-2026-18078

CI4MS: Menu Management Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...

CVSS 9.1, AI score 5.8, EPSS 0.00269
Exploits 1, References 2
CVE
added 2026/04/01 9:32 p.m.

CVE-2026-34571

CI4MS is a CodeIgniter 4-based CMS skeleton. Before version 0.31.0.0, a Stored XSS vulnerability exists in the backend user management functionality due to inadequate input sanitization when rendering in the admin interface. This enables persistent JavaScript execution, leading to potential sessi...

CVSS 9.9, AI score 6, EPSS 0.00393
Exploits 1, References 2, Affected Software 1
Cvelist
added 2026/04/01 9:32 p.m.

CVE-2026-34571 CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting (Stored XSS) vulnerability exists in the backend user management functionality. The application fail...

CVSS 9.9, EPSS 0.00393
Exploits 1, References 2
Cvelist
added 2026/04/01 9:28 p.m.

CVE-2026-34568 CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a...

CVSS 9.1, EPSS 0.00317
Exploits 1, References 2
ATTACKERKB
added 2026/04/01 9:28 p.m.

CVE-2026-34568

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a...

CVSS 9.1, AI score 5.7, EPSS 0.00317
Exploits 1, References 3, Affected Software 1
ATTACKERKB
added 2026/04/01 9:26 p.m.

CVE-2026-34565

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Posts to navigation menus through the Menu Manageme...

CVSS 9.1, AI score 5.7, EPSS 0.00269
Exploits 1, References 3, Affected Software 1