CVE-2026-34564
Stored DOM XSS in CI4MS Menu Management Component
Publication date: 2026-04-01
Last updated on: 2026-04-07
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ci4-cms-erp | ci4ms | < 0.31.0.0 (0.31.0.0 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in CI4MS, a CodeIgniter 4-based CMS skeleton, in versions prior to 0.31.0.0. The issue arises because the application does not properly sanitize user-controlled input when adding Pages to navigation menus via the Menu Management functionality. Specifically, page-related data selected through the Pages section is stored on the server and later rendered without proper output encoding. This leads to stored DOM-based cross-site scripting (XSS), where malicious scripts can be injected and executed within both administrative interfaces and public-facing navigation menus.
How can this vulnerability impact me?
This vulnerability can have serious impacts, including unauthorized script execution in the context of the affected application. Because the payload is stored, the injected script executes whenever administrators or users view the affected navigation menus. This can lead to theft of sensitive information, session hijacking, defacement, or further exploitation of the system. The CVSS score of 9.1 indicates a high severity with potential for significant confidentiality, integrity, and availability impacts.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade CI4MS to version 0.31.0.0 or later, where the issue has been patched.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in CI4MS allows stored DOM-based cross-site scripting (XSS) due to improper sanitization and output encoding of user-controlled input. This can lead to unauthorized script execution within administrative and public interfaces.
Such a vulnerability can impact compliance with standards like GDPR and HIPAA because it may lead to unauthorized access or manipulation of sensitive data, compromise user privacy, and undermine data integrity and security controls required by these regulations.
Specifically, the high CVSS score (9.1) indicates a severe risk that could result in confidentiality, integrity, and availability impacts, all of which are critical factors in regulatory compliance frameworks.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the Menu Management functionality, specifically the Pages section, for stored malicious scripts that are rendered without proper sanitization. Since the vulnerable endpoint is `/backend/menu/`, monitoring HTTP requests and responses to this endpoint for suspicious payloads containing JavaScript code (e.g., `<img src=x onerror=alert(document.domain)>`) can help identify exploitation attempts.
You can use a command-line HTTP client such as curl or wget to fetch the menu page and check the response for unsanitized scripts. For example:

```shell
curl -s https://your-ci4ms-instance/backend/menu/ | grep -iE '<script|onerror=|onload='
```

This flags script tags and common event-handler attributes in the rendered menu output. Two caveats: the `/backend/` area normally requires an authenticated session, so pass your session cookie (for example with `-b 'NAME=VALUE'`) or the check will only see the login page; and avoid `-k`, which disables TLS certificate verification, unless you are deliberately testing an instance with a self-signed certificate.
Additionally, reviewing the database entries related to navigation menus for stored HTML or JavaScript payloads can help detect the presence of malicious stored XSS payloads.
Deploying a Content Security Policy (CSP) that blocks inline scripts, with a `report-uri` or `report-to` directive, turns exploitation attempts into violation reports you can monitor; the browser console also logs blocked inline scripts when the menu pages are loaded.
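As an added illustration of the pattern the answers above describe (stored menu data rendered without output encoding, and a scan of the rendered menu for script tags and event handlers), here is a self-contained Python example. It is constructed for this page and is not CI4MS code: the menu rows, both renderers and the scanner are assumptions, and the only value taken from the record is the payload quoted above.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of rows a menu table might hold (not CI4MS data).
# The second title carries the payload quoted in the Q&A above.
MENU_ROWS = [
    {"title": "Home", "url": "/"},
    {"title": "<img src=x onerror=alert(document.domain)>", "url": "/about"},
]


def render_menu_unsafe(rows):
    """Vulnerable pattern: stored values are interpolated into HTML verbatim,
    so a payload saved through the menu editor executes wherever the menu
    is rendered (admin UI and public navigation alike)."""
    items = "".join(f'<li><a href="{r["url"]}">{r["title"]}</a></li>' for r in rows)
    return f"<ul>{items}</ul>"


def safe_href(url):
    """Escaping alone does not make an href safe: a stored 'javascript:' URL
    survives html.escape untouched. Allow only relative, http and https
    links; anything else is replaced with a harmless fragment."""
    if urlsplit(url).scheme.lower() in ("", "http", "https"):
        return escape(url, quote=True)
    return "#"


def render_menu_safe(rows):
    """Hardened pattern: every stored value is encoded at the output boundary.
    quote=True also encodes quotes, so values are safe inside attributes."""
    items = "".join(
        f'<li><a href="{safe_href(r["url"])}">{escape(r["title"], quote=True)}</a></li>'
        for r in rows
    )
    return f"<ul>{items}</ul>"


class ScriptFinder(HTMLParser):
    """Parser-based version of the grep above: records <script> elements and
    any on* event-handler attribute, whichever tag carries it."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "script":
            self.findings.append(("script", tag, None))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(("event-handler", tag, f"{name}={value}"))


def scan_html(html_text):
    """Return a list of (kind, tag, detail) findings for one HTML response
    or one stored menu value; an empty list means nothing suspicious."""
    finder = ScriptFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for label, html in (("unsafe", render_menu_unsafe(MENU_ROWS)),
                        ("safe", render_menu_safe(MENU_ROWS))):
        print(label, html)
        print("  findings:", scan_html(html))
```

The scanner works on a fetched `/backend/menu/` response as well as on raw values pulled from the menu table, which is the database review the answer above recommends; a parser is preferable to grep because it sees event-handler attributes on any tag regardless of quoting or case.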