What is the CVSS score of CVE-2026-34559?

CVE-2026-34559 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Ci4ms are affected by CVE-2026-34559?

CI4MS blog tag management (versions before 0.31.0.0) contains a stored cross-site scripting vulnerability that allows authenticated users with tag creation privileges to inject malicious code…. A patch is available.

How to fix or mitigate CVE-2026-34559?

Within 24 hours: Identify all CI4MS installations and document current versions in use; audit user accounts with tag creation privileges and disable unnecessary access. Within 7 days: Monitor vendor advisory channels and security bulletins for patch release; implement input validation rules at the application layer to sanitize tag name fields if available through configuration. Within 30 days: Apply vendor-released patch immediately upon availability to version 0.31.0.0 or later; conduct security audit of stored tags for malicious payloads and reset credentials for administrative accounts.

Ci4ms CVE-2026-34559

EUVD-2026-18070 CRITICAL

Cross-site Scripting (XSS) (CWE-79)

2026-04-01 GitHub_M

GHSA-4333-387x-w245

XSS Ci4ms

9.1

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.1 CRITICAL

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch released

Apr 02, 2026 - 02:30 nvd

Patch available

EUVD ID Assigned

Apr 01, 2026 - 22:16 euvd

EUVD-2026-18070

Analysis Generated

Apr 01, 2026 - 22:16 vuln.today

CVE Published

Apr 01, 2026 - 21:20 nvd

CRITICAL 9.1

DescriptionGitHub Advisory

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inject a malicious JavaScript payload into the tag name field, which is then stored server-side. This stored payload is later rendered unsafely across public tag pages and administrative interfaces without proper output encoding, leading to stored cross-site scripting (XSS). This issue has been patched in version 0.31.0.0.

AnalysisAI

Stored cross-site scripting in CI4MS blog tag management (versions prior to 0.31.0.0) allows authenticated attackers to inject malicious JavaScript through unsanitized tag name fields, achieving code execution in victim browsers with scope change (CVSS 9.1, S:C). The payload persists server-side and executes on public tag pages and administrative interfaces, enabling session hijacking, credential theft, and administrative account compromise. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to CI4MS application

Delivery

Navigate to blog tag creation/editing form

Exploit

Inject JavaScript payload in tag name field

Execution

Submit malicious tag

Impact

JavaScript executes on tag pages and admin interfaces