Description

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts within the Categories section. An attacker can inject a malicious JavaScript payload into the Categories content, which is then stored server-side. This stored payload is later rendered unsafely when the Categories are viewed via blog posts, without proper output encoding, leading to stored cross-site scripting (XSS). This issue has been patched in version 0.31.0.0.

INFO

Published Date :

2026-04-01T21:28:23.544Z

Last Modified :

2026-04-02T16:23:41.808Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34567 vulnerability.

Vendors Products
Ci4-cms-erp
  • Ci4ms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34567.

URL Resource
https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.0.0 cve-icon cve-icon
https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-r33w-c82v-x5v7 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact