Executive Summary

This vulnerability exists in CI4MS, a CodeIgniter 4-based CMS skeleton, in versions prior to 0.31.0.0. The issue arises because the application does not properly sanitize user-controlled input when adding Pages to navigation menus via the Menu Management functionality. Specifically, page-related data selected through the Pages section is stored on the server and later rendered without proper output encoding. This leads to stored DOM-based cross-site scripting (XSS), where malicious scripts can be injected and executed within both administrative interfaces and public-facing navigation menus.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have serious impacts including unauthorized script execution within the context of the affected application. Because it is a stored DOM-based XSS, attackers can inject malicious scripts that execute when administrators or users view affected navigation menus. This can lead to theft of sensitive information, session hijacking, defacement, or further exploitation of the system. The CVSS score of 9.1 indicates a high severity with potential for significant confidentiality, integrity, and availability impacts.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, you should upgrade CI4MS to version 0.31.0.0 or later, where the issue has been patched.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in CI4MS allows stored DOM-based cross-site scripting (XSS) due to improper sanitization and output encoding of user-controlled input. This can lead to unauthorized script execution within administrative and public interfaces.

Such a vulnerability can impact compliance with standards like GDPR and HIPAA because it may lead to unauthorized access or manipulation of sensitive data, compromise user privacy, and undermine data integrity and security controls required by these regulations.

Specifically, the high CVSS score (9.1) indicates a severe risk that could result in confidentiality, integrity, and availability impacts, all of which are critical factors in regulatory compliance frameworks.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by inspecting the Menu Management functionality, specifically the Pages section, for stored malicious scripts that are rendered without proper sanitization. Since the vulnerable endpoint is `/backend/menu/`, monitoring HTTP requests and responses to this endpoint for suspicious payloads containing JavaScript code (e.g., `<img src=x onerror=alert(document.domain)>`) can help identify exploitation attempts.

You can use network monitoring tools like curl or wget to fetch the menu page and check for unsanitized scripts in the response. For example, a command like:

• curl -s -k https://your-ci4ms-instance/backend/menu/ | grep -i '<script\|onerror\|onload'

can help detect if any script tags or event handlers are present in the menu rendering output.

Additionally, reviewing the database entries related to navigation menus for stored HTML or JavaScript payloads can help detect the presence of malicious stored XSS payloads.

Implementing Content Security Policy (CSP) headers and monitoring browser console logs for XSS errors when accessing the menu pages can also assist in detection.

Useful 0 Not Useful 0