CVE-2026-34560— CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-34560
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Source: NVD (National Vulnerability Database)
Vulnerability Description
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged data, it is rendered without proper output encoding. This issue becomes a Blind XSS scenario because the attacker does not see immediate execution. Instead, the payload is stored within application logs and only executes later when an administrator views the logs page. This issue has been patched in version 0.31.0.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
CI4MS 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CI4MS是Ci4MS开源的一个博客页面管理工具。 CI4MS 0.31.0.0之前版本存在跨站脚本漏洞,该漏洞源于应用程序在日志界面中不安全地渲染用户控制的输入,如果日志数据中存在任何存储型跨站脚本有效载荷,它将在没有适当输出编码的情况下被渲染,导致盲跨站脚本攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ci4-cms-erp | ci4ms | < 0.31.0.0 | - |
II. Public POCs for CVE-2026-34560
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 12162 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-34560
请登录查看更多情报信息。
Same Patch Batch · ci4-cms-erp · 2026-04-01 · 14 CVEs total
| CVE-2026-34571 | 10.0 CRITICAL | CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session |
| CVE-2026-34569 | 10.0 CRITICAL | CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Sto |
| CVE-2026-34568 | 9.1 CRITICAL | CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored D |
| CVE-2026-34559 | 9.1 CRITICAL | CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DO |
| CVE-2026-34567 | 9.1 CRITICAL | CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation |
| CVE-2026-34566 | 9.1 CRITICAL | CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Sto |
| CVE-2026-34564 | 9.1 CRITICAL | CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation |
| CVE-2026-34563 | 9.1 CRITICAL | CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via St |
| CVE-2026-34565 | 9.1 CRITICAL | CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation |
| CVE-2026-34572 | 8.8 HIGH | CI4MS: Account Deactivation Module Full Persistent Unauthorized Access for All‑Roles via I |
| CVE-2026-34570 | 8.8 HIGH | CI4MS: Account Deletion Module Full Persistent Unauthorized Access for All‑Roles via Impro |
| CVE-2026-34562 | 4.7 MEDIUM | CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeo |
| CVE-2026-34561 | 4.7 MEDIUM | CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account T |
IV. Related Vulnerabilities
Same product: ci4ms
- CVE-2026-41891
CI4MS: Deactivated User Session Bypass (active=0) - CVE-2026-41890
CI4MS: Arbitrary Database Table Drop via Theme deleteProcess - CVE-2026-41203
ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE - CVE-2026-41202
ci4ms Backup::restore is vulnerable to Zip Slip leading to R - CVE-2026-41201
CI4MS: Backup Management Full Account Takeover for All-Roles
Same vendor: ci4-cms-erp
- CVE-2026-41891
CI4MS: Deactivated User Session Bypass (active=0) - CVE-2026-41890
CI4MS: Arbitrary Database Table Drop via Theme deleteProcess - CVE-2026-41203
ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE - CVE-2026-41202
ci4ms Backup::restore is vulnerable to Zip Slip leading to R - CVE-2026-41201
CI4MS: Backup Management Full Account Takeover for All-Roles
Same weakness: CWE-79
- CVE-2026-8262
Devs Palace ERP Online chart-save cross site scripting - CVE-2026-8256
Devs Palace ERP Online mr-save cross site scripting - CVE-2026-8255
Devs Palace ERP Online add_new_customer cross site scripting - CVE-2026-8254
Devs Palace ERP Online sales_save cross site scripting - CVE-2026-8253
Devs Palace ERP Online purchase_save cross site scripting
V. Comments for CVE-2026-34560
No comments yet