CVE-2026-34565
Received Received - Intake
Stored DOM XSS in CI4MS Menu Management Component

Publication date: 2026-04-01

Last updated on: 2026-04-06

Assigner: GitHub, Inc.

Description
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Posts to navigation menus through the Menu Management functionality. Post-related data selected via the Posts section is stored server-side and rendered without proper output encoding. These stored values are later rendered unsafely within administrative dashboards and public-facing navigation menus, resulting in stored DOM-based cross-site scripting (XSS). This issue has been patched in version 0.31.0.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-01
Last Modified
2026-04-06
Generated
2026-05-07
AI Q&A
2026-04-02
EPSS Evaluated
2026-05-05
NVD
CVE-2026-34565
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ci4-cms-erp ci4ms to 0.31.0.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in CI4MS, a CodeIgniter 4-based CMS skeleton, occurs because the application does not properly sanitize user-controlled input when adding Posts to navigation menus via the Menu Management functionality. Specifically, post-related data selected through the Posts section is stored on the server and later rendered without proper output encoding. This leads to stored DOM-based cross-site scripting (XSS), where malicious scripts can be injected and executed within both administrative dashboards and public-facing navigation menus.

This issue was present prior to version 0.31.0.0 and has been fixed in that version.


How can this vulnerability impact me? :

This vulnerability can have serious impacts including unauthorized script execution within the context of the affected website. Because it is a stored DOM-based cross-site scripting (XSS) vulnerability, attackers can inject malicious scripts that execute whenever users or administrators access the affected navigation menus or dashboards.

  • Compromise of user accounts or administrative accounts through session hijacking or credential theft.
  • Manipulation or theft of sensitive data displayed or accessible via the affected application.
  • Potential disruption of service or unauthorized actions performed on behalf of legitimate users.

The CVSS v3.1 base score of 9.1 indicates a critical severity with network attack vector, low attack complexity, requiring low privileges but no user interaction, and impacts confidentiality, integrity, and availability.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade CI4MS to version 0.31.0.0 or later, where the issue has been patched.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability allows stored DOM-based cross-site scripting (XSS) attacks that can lead to full account takeover, privilege escalation, and complete compromise of the application. Such security breaches can result in unauthorized access to sensitive personal or protected health information, potentially violating data protection regulations like GDPR and HIPAA.

The improper sanitization and encoding of user input increase the risk of data exposure and manipulation, which undermines confidentiality and integrity requirements mandated by these standards.

Mitigations recommended include implementing proper input sanitization, output encoding, and security headers (Content Security Policy, HttpOnly, SameSite, Secure flags) to reduce the risk of XSS and related attacks, thereby helping maintain compliance with security controls required by common regulations.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if your CI4MS installation is running a version prior to 0.31.0.0, as versions up to 0.28.6.0 are vulnerable. Specifically, the vulnerable endpoint is `/backend/menu/` where user-controlled post data is added to navigation menus without proper sanitization.

To detect exploitation attempts or presence of malicious payloads, you can monitor HTTP requests to the `/backend/menu/` endpoint for suspicious input containing JavaScript payloads such as `<img src=x onerror=alert(document.domain)>` or other script tags.

Additionally, reviewing stored posts that are added to navigation menus for unsanitized HTML or script content can help identify if the vulnerability has been exploited.

Suggested commands to assist detection include:

  • Using curl or wget to test the vulnerable endpoint for injection of script payloads:
  • curl -X POST -d 'post_content=<img src=x onerror=alert(document.domain)>' https://your-ci4ms-site/backend/menu/
  • Searching server-side stored posts for suspicious script tags using grep:
  • grep -r '<script\|onerror=' /path/to/ci4ms/storage/posts/
  • Monitoring web server logs for requests to `/backend/menu/` containing suspicious payloads:
  • grep '/backend/menu/' /var/log/nginx/access.log | grep -i 'onerror\|<script'

Implementing Content Security Policy (CSP) and other security headers can also help mitigate exploitation and should be verified as part of your security posture.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart