{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34568", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T16:56:30.998Z", "datePublished": "2026-04-01T21:28:55.727Z", "dateUpdated": "2026-04-02T13:51:49.965Z"}, "containers": {"cna": {"title": "CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-x7wh-g25g-53vg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-x7wh-g25g-53vg"}, {"name": "https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.0.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.0.0"}], "affected": [{"vendor": "ci4-cms-erp", "product": "ci4ms", "versions": [{"version": "< 0.31.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-01T21:28:55.727Z"}, "descriptions": [{"lang": "en", "value": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a malicious JavaScript payload into blog post content, which is then stored server-side. This stored payload is later rendered unsafely in multiple application views without proper output encoding, leading to stored cross-site scripting (XSS). This issue has been patched in version 0.31.0.0."}], "source": {"advisory": "GHSA-x7wh-g25g-53vg", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-x7wh-g25g-53vg", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T13:51:46.699755Z", "id": "CVE-2026-34568", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T13:51:49.965Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34568", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T13:51:46.699755Z"}}}], "references": [{"url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-x7wh-g25g-53vg", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T13:51:41.255Z"}}], "cna": {"title": "CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS", "source": {"advisory": "GHSA-x7wh-g25g-53vg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ci4-cms-erp", "product": "ci4ms", "versions": [{"status": "affected", "version": "< 0.31.0.0"}]}], "references": [{"url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-x7wh-g25g-53vg", "name": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-x7wh-g25g-53vg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.0.0", "name": "https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.0.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a malicious JavaScript payload into blog post content, which is then stored server-side. This stored payload is later rendered unsafely in multiple application views without proper output encoding, leading to stored cross-site scripting (XSS). This issue has been patched in version 0.31.0.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-01T21:28:55.727Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34568", "state": "PUBLISHED", "dateUpdated": "2026-04-02T13:51:49.965Z", "dateReserved": "2026-03-30T16:56:30.998Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-01T21:28:55.727Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a malicious JavaScript payload into blog post content, which is then stored server-side. This stored payload is later rendered unsafely in multiple application views without proper output encoding, leading to stored cross-site scripting (XSS). This issue has been patched in version 0.31.0.0."}], "id": "CVE-2026-34568", "lastModified": "2026-04-02T14:16:30.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.3, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-01T22:16:20.570", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.0.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-x7wh-g25g-53vg"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-x7wh-g25g-53vg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,0.31.0.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ci4ms", "source": "cna", "vendor": "ci4-cms-erp"}, "product": "ci4ms", "vendor": "ci4-cms-erp"}], "analysis": {"en": {"generated_at": "2026-04-02T05:36:07.497184+00:00", "value": {"mitigation_remediation": ["Upgrade ci4ms to version 0.31.0.0 or later", "If an upgrade is not possible immediately, limit blog post creation and editing to trusted users only or disable the feature for untrusted accounts", "Implement a strict Content Security Policy that disallows inline JavaScript to reduce the effectiveness of any remaining XSS attempts"], "summary": {"action": "Immediate Patch", "impact": "Stored XSS full account takeover"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the ci4ms product from ci4-cms-erp. All installations running a version earlier than 0.31.0.0 are vulnerable. The flaw originates in the blog post creation and editing functionality, so users with permission to add or edit posts can insert the malicious content.", "description_and_impact": "CI4MS, a CodeIgniter 4 CMS, does not sanitize input in its blog post editor for versions older than 0.31.0.0. An attacker can embed malicious JavaScript into a post\u2019s content; the payload is stored on the server and rendered directly in several views without proper encoding. When any user\u2014incl. administrators\u2014views the post, the script executes in the victim\u2019s browser and can hijack the session, allowing the attacker to take full control of the account and the system.", "risk_and_exploitability": "A CVSS score of 9.1 classifies this flaw as critical. Exploitation requires only the ability to create or edit a blog post; every subsequent viewer of the post runs the injected script, enabling session hijacking and complete account takeover. EPSS data is unavailable and the vulnerability is not listed in the KEV catalog, yet the high severity score, straightforward attack path, and widespread impact make it a high\u2011priority risk for operators."}}}}, "created": "2026-04-02T07:47:15.430464+00:00", "updated": "2026-04-02T20:16:12.750924+00:00", "vendors": ["ci4-cms-erp", "ci4-cms-erp$PRODUCT$ci4ms"]}