Home / Vulnerability Intelligence / CVE-2026-34568

CVE-2026-34568 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: April 1, 2026

CI4MS - Stored XSS

Published: April 1, 2026Updated: April 1, 2026Remote Exploitable

Overview

CI4MS < 0.31.0.0 contains a stored cross-site scripting caused by improper sanitization of user input in blog post content, letting attackers inject malicious JavaScript payloads that execute in other users' browsers, exploit requires crafted blog post content.

Severity & Score

Severity: Critical

CVSS Score: 9.1

Impact

Attackers can execute arbitrary JavaScript in users' browsers, potentially stealing cookies or performing actions on behalf of users.

Mitigation

Update to version 0.31.0.0 or later.

References

https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.0.0
https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-x7wh-g25g-53vg

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-34568
Severity: Critical
CVSS Score: 9.1
Type: stored_xss
Status: new

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L