CVE-2026-34557 in ci4-cms-erp ci4msinformação

Sumário (Inglês)

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within group and role management functionality. Multiple input fields (three distinct group-related fields) can be injected with malicious JavaScript payloads, which are then stored server-side. These stored payloads are later rendered unsafely within privileged administrative views without proper output encoding, leading to stored cross-site scripting (XSS) within the role and permission management context. This issue has been patched in version 0.31.0.0.

Responsável

GitHub_M

Reservar

30/03/2026

Divulgação

30/03/2026

Inscrições

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerabilidade	CWE	Exp	Con	CVE
354287	ci4-cms-erp ci4ms Permission Management Script de Site Cruzado	79	Não definido	Correção oficial	CVE-2026-34557

Descrição

CPE

CWE

CVSS

Explorações

História

Diferença

Relacionar

Inteligência de ameaças

API JSON

API XML

API CSV

◂ VoltarVisão GeralPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!