CVE-2026-34564— CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-34564
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Source: NVD (National Vulnerability Database)
Vulnerability Description
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Pages to navigation menus through the Menu Management functionality. Page-related data selected via the Pages section is stored server-side and rendered without proper output encoding. This stored payload is later rendered unsafely within administrative interfaces and public-facing navigation menus, leading to stored DOM-based cross-site scripting (XSS). This issue has been patched in version 0.31.0.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
CI4MS 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CI4MS是Ci4MS开源的一个博客页面管理工具。 CI4MS 0.31.0.0之前版本存在跨站脚本漏洞,该漏洞源于通过菜单管理功能向导航菜单添加页面时未正确清理用户输入,可能导致存储型基于DOM的跨站脚本攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ci4-cms-erp | ci4ms | < 0.31.0.0 | - |
II. Public POCs for CVE-2026-34564
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 7522 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-34564
请登录查看更多情报信息。
Same Patch Batch · ci4-cms-erp · 2026-04-01 · 14 CVEs total
| CVE-2026-34571 | 10.0 CRITICAL | CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session |
| CVE-2026-34569 | 10.0 CRITICAL | CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Sto |
| CVE-2026-34568 | 9.1 CRITICAL | CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored D |
| CVE-2026-34560 | 9.1 CRITICAL | CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS |
| CVE-2026-34559 | 9.1 CRITICAL | CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DO |
| CVE-2026-34567 | 9.1 CRITICAL | CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation |
| CVE-2026-34566 | 9.1 CRITICAL | CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Sto |
| CVE-2026-34563 | 9.1 CRITICAL | CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via St |
| CVE-2026-34565 | 9.1 CRITICAL | CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation |
| CVE-2026-34572 | 8.8 HIGH | CI4MS: Account Deactivation Module Full Persistent Unauthorized Access for All‑Roles via I |
| CVE-2026-34570 | 8.8 HIGH | CI4MS: Account Deletion Module Full Persistent Unauthorized Access for All‑Roles via Impro |
| CVE-2026-34562 | 4.7 MEDIUM | CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeo |
| CVE-2026-34561 | 4.7 MEDIUM | CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account T |
IV. Related Vulnerabilities
Same product: ci4ms
- CVE-2026-41891
CI4MS: Deactivated User Session Bypass (active=0) - CVE-2026-41890
CI4MS: Arbitrary Database Table Drop via Theme deleteProcess - CVE-2026-41203
ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE - CVE-2026-41202
ci4ms Backup::restore is vulnerable to Zip Slip leading to R - CVE-2026-41201
CI4MS: Backup Management Full Account Takeover for All-Roles
Same vendor: ci4-cms-erp
- CVE-2026-41891
CI4MS: Deactivated User Session Bypass (active=0) - CVE-2026-41890
CI4MS: Arbitrary Database Table Drop via Theme deleteProcess - CVE-2026-41203
ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE - CVE-2026-41202
ci4ms Backup::restore is vulnerable to Zip Slip leading to R - CVE-2026-41201
CI4MS: Backup Management Full Account Takeover for All-Roles
Same weakness: CWE-79
- CVE-2026-8262
Devs Palace ERP Online chart-save cross site scripting - CVE-2026-8256
Devs Palace ERP Online mr-save cross site scripting - CVE-2026-8255
Devs Palace ERP Online add_new_customer cross site scripting - CVE-2026-8254
Devs Palace ERP Online sales_save cross site scripting - CVE-2026-8253
Devs Palace ERP Online purchase_save cross site scripting
V. Comments for CVE-2026-34564
No comments yet