CVE-2026-34566— CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-34566
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Source: NVD (National Vulnerability Database)
Vulnerability Description
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Page Management functionality when creating or editing pages. Multiple input fields accept attacker-controlled JavaScript payloads that are stored server-side. These stored values are later rendered without proper output encoding across administrative page lists and public-facing page views, leading to stored DOM-based cross-site scripting (XSS). This issue has been patched in version 0.31.0.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
CI4MS 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CI4MS是Ci4MS开源的一个博客页面管理工具。 CI4MS 0.31.0.0之前版本存在跨站脚本漏洞,该漏洞源于在页面管理功能中创建或编辑页面时未正确清理用户输入,可能导致存储型基于DOM的跨站脚本攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ci4-cms-erp | ci4ms | < 0.31.0.0 | - |
II. Public POCs for CVE-2026-34566
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-34566
请登录查看更多情报信息。
Same Patch Batch · ci4-cms-erp · 2026-04-01 · 14 CVEs total
| CVE-2026-34571 | 10.0 CRITICAL | CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session |
| CVE-2026-34569 | 10.0 CRITICAL | CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Sto |
| CVE-2026-34568 | 9.1 CRITICAL | CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored D |
| CVE-2026-34560 | 9.1 CRITICAL | CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS |
| CVE-2026-34559 | 9.1 CRITICAL | CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DO |
| CVE-2026-34567 | 9.1 CRITICAL | CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation |
| CVE-2026-34564 | 9.1 CRITICAL | CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation |
| CVE-2026-34563 | 9.1 CRITICAL | CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via St |
| CVE-2026-34565 | 9.1 CRITICAL | CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation |
| CVE-2026-34572 | 8.8 HIGH | CI4MS: Account Deactivation Module Full Persistent Unauthorized Access for All‑Roles via I |
| CVE-2026-34570 | 8.8 HIGH | CI4MS: Account Deletion Module Full Persistent Unauthorized Access for All‑Roles via Impro |
| CVE-2026-34562 | 4.7 MEDIUM | CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeo |
| CVE-2026-34561 | 4.7 MEDIUM | CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account T |
IV. Related Vulnerabilities
Same product: ci4ms
- CVE-2026-41891
CI4MS: Deactivated User Session Bypass (active=0) - CVE-2026-41890
CI4MS: Arbitrary Database Table Drop via Theme deleteProcess - CVE-2026-41203
ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE - CVE-2026-41202
ci4ms Backup::restore is vulnerable to Zip Slip leading to R - CVE-2026-41201
CI4MS: Backup Management Full Account Takeover for All-Roles
Same vendor: ci4-cms-erp
- CVE-2026-41891
CI4MS: Deactivated User Session Bypass (active=0) - CVE-2026-41890
CI4MS: Arbitrary Database Table Drop via Theme deleteProcess - CVE-2026-41203
ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE - CVE-2026-41202
ci4ms Backup::restore is vulnerable to Zip Slip leading to R - CVE-2026-41201
CI4MS: Backup Management Full Account Takeover for All-Roles
Same weakness: CWE-79
- CVE-2026-8262
Devs Palace ERP Online chart-save cross site scripting - CVE-2026-8256
Devs Palace ERP Online mr-save cross site scripting - CVE-2026-8255
Devs Palace ERP Online add_new_customer cross site scripting - CVE-2026-8254
Devs Palace ERP Online sales_save cross site scripting - CVE-2026-8253
Devs Palace ERP Online purchase_save cross site scripting
V. Comments for CVE-2026-34566
No comments yet