ci4-cms-erp/ci4ms Security Advisories for 0.25.0.30 (27)
-
[HIGH] CI4MS Vulnerable to .env CRLF Injection via Unvalidated `host` Parameter in Install Controller
PKSA-rh74-dqx1-j9wm CVE-2026-39394 GHSA-vfhx-5459-qhqh
Affected version: <=0.31.3.0
Reported by:
GitHub -
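The first entry is a newline-injection bug: a request-supplied `host` is written into `.env` as a `key = value` line, so a value carrying CR/LF adds further lines to the file. The PHP below is an added illustration, not code from ci4ms or from the advisory; the function names and the `app.baseURL` key are assumptions. It shows a naive writer that interpolates the value directly, and a hardened writer that validates the host as `hostname[:port]`, rejects every control character, and quotes the value.

```php
<?php
declare(strict_types=1);

// Example code, not from ci4ms: function names and the env key are assumptions.

/** Naive writer: interpolates the value straight into a .env line. */
function naiveEnvLine(string $key, string $value): string
{
    return "{$key} = {$value}\n";
}

/**
 * Accept only hostname[:port]. Anything outside printable, non-space ASCII
 * (which includes \r and \n) is refused before the hostname grammar is checked.
 */
function validateHost(string $host): string
{
    if (preg_match('/[^\x21-\x7E]/', $host)) {
        throw new InvalidArgumentException('host contains control or non-ASCII characters');
    }
    // RFC 1123 labels, optional :port, no scheme, no path, no userinfo.
    $label = '(?!-)[A-Za-z0-9-]{1,63}(?<!-)';
    if (!preg_match("/^{$label}(\\.{$label})*(:[0-9]{1,5})?$/", $host)) {
        throw new InvalidArgumentException('host is not a valid hostname[:port]');
    }
    return $host;
}

/** Hardened writer: validates key and host, then quotes the value as one assignment. */
function safeEnvLine(string $key, string $host): string
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_.]*$/', $key)) {
        throw new InvalidArgumentException('invalid .env key');
    }
    $host = validateHost($host);
    return sprintf("%s = 'https://%s'\n", $key, $host);
}

// Constructed payload: a hostname, then CRLF, then a second assignment.
$payload = "example.com\r\nCI_ENVIRONMENT = development";

// The naive writer emits the injected second line verbatim.
echo naiveEnvLine('app.baseURL', $payload);

// The hardened writer refuses the same payload.
try {
    echo safeEnvLine('app.baseURL', $payload);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

// A well-formed host with a port is accepted and quoted.
echo safeEnvLine('app.baseURL', 'example.com:8443');
```

The control-character check runs before the hostname regex on purpose: a regex anchored with `$` matches before a trailing newline in PCRE unless `D` is set, so relying on the hostname pattern alone is exactly the kind of gap that lets a trailing `\n` through.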
[HIGH] CI4MS Vulnerable to Post-Installation Re-entry via Cache-Dependent Install Guard Bypass
PKSA-1wjp-gt44-q5bg CVE-2026-39393 GHSA-8rh5-4mvx-xj7j
Affected version: <=0.31.3.0
Reported by:
GitHub -
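The second entry describes an installer guard that decides "already installed" from a cache entry, so a cache flush re-opens the installer. The PHP below is an added sketch, not code from ci4ms; the marker path, the `dbHasAdmin` callback and the function names are assumptions. It contrasts the cache-dependent check with a guard backed by state that a cache flush cannot remove, and writes the marker with an exclusive create so a second install attempt fails instead of racing.

```php
<?php
declare(strict_types=1);

// Example code, not from ci4ms. Paths, callbacks and function names are assumptions.

/** Guard that depends on a cache entry: flushing the cache silently re-opens the installer. */
function installedViaCache(array $cache): bool
{
    return ($cache['installed'] ?? false) === true;
}

/**
 * Guard backed by durable state: a marker file outside any cache directory,
 * or the database row the installer itself created (either is sufficient).
 */
function installedDurably(string $markerPath, callable $dbHasAdmin): bool
{
    return is_file($markerPath) || $dbHasAdmin() === true;
}

/** Create the marker exclusively ('x' mode) so a concurrent or repeated install cannot pass. */
function finishInstall(string $markerPath): void
{
    $fh = @fopen($markerPath, 'x');
    if ($fh === false) {
        throw new RuntimeException('installation already completed');
    }
    fwrite($fh, date('c') . "\n");
    fclose($fh);
}

$marker = sys_get_temp_dir() . '/installed-marker.example';
@unlink($marker);

// Cache-based guard: set, then flushed, and the installer is reachable again.
$cache = ['installed' => true];
var_dump(installedViaCache($cache));
$cache = [];
var_dump(installedViaCache($cache));

// Durable guard: the marker survives any cache flush, and a second install is refused.
finishInstall($marker);
var_dump(installedDurably($marker, fn (): bool => false));
try {
    finishInstall($marker);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
@unlink($marker);
```

The marker should live somewhere the web server can write once but that is never cleared by maintenance tasks (not the cache or session directory), and the database check covers the case where the marker is lost but the admin account already exists.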
[MEDIUM] CI4MS has stored XSS in Pages Content Due to Missing html_purify Sanitization
PKSA-9pcd-vkjt-q5hq CVE-2026-39392 GHSA-fjpj-6qcq-6pw2
Affected version: <=0.31.3.0
Reported by:
GitHub -
[MEDIUM] CI4MS has stored XSS via Unescaped Blacklist Note in Admin User List
PKSA-v96y-q2b3-cqc5 CVE-2026-39391 GHSA-7cm9-v848-cfh2
Affected version: <=0.31.3.0
Reported by:
GitHub -
[MEDIUM] CI4MS has stored XSS via srcdoc attribute bypass in Google Maps iframe setting
PKSA-znp8-d94g-vhxv CVE-2026-39390 GHSA-x3hr-cp7x-44r2
Affected version: <=0.31.3.0
Reported by:
GitHub -
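The Google Maps iframe entry is a sanitizer-bypass case: the setting accepted an `<iframe>` embed string, but `srcdoc` lets an attribute carry a complete inline document, including script, regardless of what `src` points at. The PHP below is an added example, not code from ci4ms; the allowed host list, the attribute allowlist and the function name are assumptions. Rather than blocklisting `srcdoc`, it parses the submission, requires exactly one empty `<iframe>` whose `src` is an `https` URL on an allowed host, and rebuilds the tag from allowlisted attributes only.

```php
<?php
declare(strict_types=1);

// Example code, not from ci4ms. Host list, attribute allowlist and function name are assumptions.

const ALLOWED_EMBED_HOSTS  = ['www.google.com', 'maps.google.com'];
const ALLOWED_IFRAME_ATTRS = ['src', 'width', 'height', 'loading', 'referrerpolicy', 'allowfullscreen'];

/**
 * Return a rebuilt <iframe> carrying only allowlisted attributes, or null when the
 * input is not a single, childless iframe whose src is https on an allowed host.
 * srcdoc, on* handlers and every other attribute are dropped by construction.
 */
function sanitizeMapsEmbed(string $html): ?string
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    $loaded = $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if ($loaded === false) {
        return null;
    }

    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return null;
    }

    // Collect element children; any non-whitespace text outside the tag is rejected.
    $elements = [];
    foreach ($body->childNodes as $node) {
        if ($node instanceof DOMElement) {
            $elements[] = $node;
        } elseif ($node->nodeType === XML_TEXT_NODE && trim($node->textContent) !== '') {
            return null;
        }
    }
    if (count($elements) !== 1) {
        return null;
    }
    $iframe = $elements[0];
    if (strtolower($iframe->nodeName) !== 'iframe' || $iframe->hasChildNodes()) {
        return null;
    }

    // src must be an absolute https URL on an allowed host, with no userinfo.
    $parts = parse_url($iframe->getAttribute('src'));
    if ($parts === false
        || strtolower($parts['scheme'] ?? '') !== 'https'
        || !in_array(strtolower($parts['host'] ?? ''), ALLOWED_EMBED_HOSTS, true)
        || isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }

    // Rebuild from scratch: only allowlisted attributes are copied across.
    $out   = new DOMDocument();
    $clean = $out->createElement('iframe');
    foreach (ALLOWED_IFRAME_ATTRS as $name) {
        if ($iframe->hasAttribute($name)) {
            $clean->setAttribute($name, $iframe->getAttribute($name));
        }
    }
    $out->appendChild($clean);
    return $out->saveHTML($clean);
}

// Constructed inputs for the example.
$legit  = '<iframe src="https://www.google.com/maps/embed?pb=!1m18" width="600" height="450" loading="lazy"></iframe>';
$srcdoc = '<iframe src="https://www.google.com/maps/embed?pb=!1m18" srcdoc="&lt;script&gt;alert(document.domain)&lt;/script&gt;"></iframe>';
$other  = '<iframe src="https://attacker.example/frame"></iframe>';
$img    = '<img src="x" onerror="alert(1)">';

foreach ([$legit, $srcdoc, $other, $img] as $input) {
    var_dump(sanitizeMapsEmbed($input));
}
```

The second input keeps its valid `src` but loses `srcdoc` because it is never copied; the third and fourth return null. Returning null rather than a stripped tag would be the stricter choice if the setting form should tell the admin why the embed was refused.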
[MEDIUM] CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files
PKSA-qjrw-zc8d-74p2 CVE-2026-39389 GHSA-9rxp-f27p-wv3h
Affected version: <=0.31.3.0
Reported by:
GitHub -
[CRITICAL] CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS
PKSA-2zsh-chw8-v8ty CVE-2026-35035 GHSA-5ghq-42rg-769x
Affected version: <=0.31.1.0
Reported by:
GitHub -
[CRITICAL] CI4MS: Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
PKSA-m42v-jjr9-d9jw CVE-2026-34989 GHSA-vr2g-rhm5-q4jr
Affected version: <=0.28.6.0
Reported by:
GitHub -
[HIGH] CI4MS: Account Deactivation Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)
PKSA-srvq-v3bs-mj79 CVE-2026-34572 GHSA-8fq3-c5w3-pj3q
Affected version: <=0.28.6.0
Reported by:
GitHub -
[CRITICAL] CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise
PKSA-vgkt-cmh2-qyjg CVE-2026-34571 GHSA-fc4p-p49v-r948
Affected version: <=0.28.6.0
Reported by:
GitHub -
[HIGH] CI4MS: Account Deletion Module Grants Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw)
PKSA-xc2p-nr46-tjxw CVE-2026-34570 GHSA-4vxv-4xq4-p84h
Affected version: <=0.28.6.0
Reported by:
GitHub -
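The two session-invalidation entries above (account deactivation and account deletion) share one root cause: the user row is flagged or removed, but sessions that were established earlier keep working because nothing on the request path re-checks them. The PHP below is an added illustration, not code from ci4ms; the in-memory `UserStore`, the `session_generation` column and the function names are assumptions, and in a CodeIgniter 4 application the check would run from a filter on every authenticated request. It binds each login to a per-user generation number, bumps that number on deactivation, and treats a missing row as a dead session.

```php
<?php
declare(strict_types=1);

// Example code, not from ci4ms. The store, column and function names are assumptions.

/** Stand-in for the users table: id => [active, generation]. */
final class UserStore
{
    /** @var array<int, array{active: bool, generation: int}> */
    private array $rows = [];

    public function create(int $id): void
    {
        $this->rows[$id] = ['active' => true, 'generation' => 1];
    }

    public function find(int $id): ?array
    {
        return $this->rows[$id] ?? null;
    }

    /** Deactivation keeps the row but bumps the generation so existing sessions stop matching. */
    public function deactivate(int $id): void
    {
        $this->rows[$id]['active'] = false;
        $this->rows[$id]['generation']++;
    }

    /** Reactivation does not restore the old generation, so sessions from before stay dead. */
    public function reactivate(int $id): void
    {
        $this->rows[$id]['active'] = true;
    }

    /** Deletion removes the row; any session still naming this id must be rejected. */
    public function delete(int $id): void
    {
        unset($this->rows[$id]);
    }
}

/** Build session data (an array standing in for the framework session) at login. */
function login(UserStore $users, int $id): array
{
    $row = $users->find($id);
    if ($row === null || !$row['active']) {
        throw new RuntimeException('login refused');
    }
    // The generation seen at login is what every later request is compared against.
    return ['user_id' => $id, 'session_generation' => $row['generation']];
}

/**
 * Per-request check. Returns true if the session may continue; on any mismatch the
 * session contents are cleared so nothing from it survives, and the caller redirects.
 */
function sessionStillValid(UserStore $users, array &$session): bool
{
    if (!isset($session['user_id'], $session['session_generation'])) {
        return false;
    }
    $row = $users->find((int) $session['user_id']);
    if ($row === null || !$row['active'] || $row['generation'] !== $session['session_generation']) {
        $session = [];
        return false;
    }
    return true;
}

$users = new UserStore();
$users->create(42);
$users->create(43);

$deactivated = login($users, 42);
$deleted     = login($users, 43);

// Flag one account and delete the other while both sessions are live.
$users->deactivate(42);
$users->delete(43);

// Both sessions are refused on their next request instead of continuing to work.
var_dump(sessionStillValid($users, $deactivated));
var_dump(sessionStillValid($users, $deleted));

// Even after reactivation, the pre-deactivation session does not come back.
$users->reactivate(42);
var_dump(sessionStillValid($users, $deactivated));
```

With the framework's default file or cookie session handlers there is no cheap way to enumerate and destroy every session of a given user, which is why the comparison happens on the request side; a database session handler would additionally allow deleting the user's rows at deactivation time.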
[CRITICAL] CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
PKSA-418j-5ftc-hsbw CVE-2026-34569 GHSA-fhrf-q333-82fm
Affected version: <=0.28.6.0
Reported by:
GitHub -
[CRITICAL] CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
PKSA-vbz6-f418-8p15 CVE-2026-34568 GHSA-x7wh-g25g-53vg
Affected version: <=0.28.6.0
Reported by:
GitHub -
[CRITICAL] CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
PKSA-485k-t9tj-8z9f CVE-2026-34567 GHSA-r33w-c82v-x5v7
Affected version: <=0.28.6.0
Reported by:
GitHub -
[CRITICAL] CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
PKSA-xqh9-kym3-gzkm CVE-2026-34566 GHSA-458r-h248-29c5
Affected version: <=0.28.6.0
Reported by:
GitHub -
[CRITICAL] CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
PKSA-xz64-59cc-54j6 CVE-2026-34565 GHSA-xgh5-w62m-8mpr
Affected version: <=0.28.6.0
Reported by:
GitHub -
[CRITICAL] CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
PKSA-dscn-pm72-89xm CVE-2026-34564 GHSA-g4pp-fhgf-8653
Affected version: <=0.28.6.0
Reported by:
GitHub -
[CRITICAL] CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS
PKSA-htcp-qzb1-t2rb CVE-2026-34563 GHSA-85m8-g393-jcxf
Affected version: <=0.28.6.0
Reported by:
GitHub -
[MEDIUM] CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
PKSA-5wvv-b5q1-7q3y CVE-2026-34562 GHSA-v897-c6vq-6cr3
Affected version: <=0.28.6.0
Reported by:
GitHub -
[MEDIUM] CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
PKSA-76s3-z1f6-2f6c CVE-2026-34561 GHSA-gcfj-cf7j-vwgj
Affected version: <=0.28.6.0
Reported by:
GitHub -
[CRITICAL] CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
PKSA-9k1p-9kvd-d2db CVE-2026-34560 GHSA-r4v5-rwr2-q7r4
Affected version: <=0.28.6.0
Reported by:
GitHub -
[CRITICAL] CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
PKSA-vjzx-2b18-dktw CVE-2026-34559 GHSA-4333-387x-w245
Affected version: <=0.28.6.0
Reported by:
GitHub -
[CRITICAL] CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
PKSA-rqgq-p6xv-4qz8 CVE-2026-34557 GHSA-rpjr-985c-qhvm
Affected version: <=0.28.6.0
Reported by:
GitHub -
[CRITICAL] CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
PKSA-r2q1-2d2k-3p65 CVE-2026-34558 GHSA-v77r-xg3p-75g7
Affected version: <=0.28.6.0
Reported by:
GitHub -
[MEDIUM] ci4-cms-erp/ci4ms: System Settings (Mail Settings) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
PKSA-3cpq-nyc1-zgst CVE-2026-27599 GHSA-66m2-v9v9-95c3
Affected version: <=0.28.6.0
Reported by:
GitHub -
[CRITICAL] CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
PKSA-ztv6-h3sy-m4xc CVE-2026-25510 GHSA-gp56-f67f-m4px
Affected version: <0.28.5.0
Reported by:
GitHub -
[MEDIUM] CI4MS Vulnerable to User Email Enumeration via Password Reset Flow
PKSA-72bz-jm9q-1sgn CVE-2026-25509 GHSA-654x-9q7r-g966
Affected version: <0.28.5.0
Reported by:
GitHub