ci4-cms-erp/ci4ms Security Advisories for 0.31.0.0 (15)
-
[HIGH] CI4MS: Stored XSS in Pages Module Content via Broken html_purify Validation Rule
PKSA-cfx9-7tcq-n157 CVE-2026-45270 GHSA-gqr2-7hcg-rchf
Affected version: <=0.31.8.0
Reported by: GitHub
-
[MEDIUM] CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations
PKSA-x2rt-sj8n-h21z CVE-2026-45139 GHSA-245j-xjvr-xvm5
Affected version: <=0.31.8.0
Reported by: GitHub
-
[MEDIUM] CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule
PKSA-7xbg-9dns-gxm5 CVE-2026-45138 GHSA-2m69-jmvh-6chr
Affected version: <=0.31.8.0
Reported by: GitHub
-
[MEDIUM] CI4MS has a Deactivated User Session Bypass (active=0)
PKSA-cf98-gsv6-bv96 CVE-2026-41891 GHSA-5hfv-c864-qcq9
Affected version: >=0.26.0,<=0.31.7.0
Reported by: GitHub
-
[HIGH] CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution
PKSA-gg2g-kjmj-cghy CVE-2026-41587 GHSA-fw49-9xq4-gmx6
Affected version: >=0.26.0.0,<=0.31.6.0
Reported by: GitHub
-
[CRITICAL] CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE
PKSA-tyjg-jzs3-mzjt CVE-2026-41203 GHSA-xv3r-vr59-95rg
Affected version: <0.31.5.0
Reported by: GitHub
-
[CRITICAL] CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE
PKSA-2xsc-43zp-v4cr CVE-2026-41202 GHSA-xp9f-pvvc-57p4
Affected version: <0.31.5.0
Reported by: GitHub
-
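The two Zip Slip advisories above (Theme::upload and Backup::restore) share one root cause: an archive entry name such as `../../x` is joined onto the extraction directory without checking where it resolves. The following is an added example, not ci4ms code, showing the vulnerable extraction pattern beside a hardened one; the archive contents, the temp directory layout and every function name are constructed for the demonstration, and the check itself is language-independent even though the project is PHP.

```python
"""Added example (not ci4ms code): the Zip Slip containment check that the
Theme::upload and Backup::restore advisories describe as missing, shown as a
generic extraction routine. Archive contents and names are constructed."""
import io
import os
import tempfile
import zipfile
from typing import List, Optional, Tuple

EVIL_ENTRY = "../../public/evil.php"   # constructed path-traversal entry name


def build_malicious_zip() -> bytes:
    """Constructed sample archive: one benign theme file and one entry whose
    name climbs out of the extraction directory (the Zip Slip payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("theme/style.css", "body { color: red; }")
        # zipfile stores the name verbatim; an attacker crafts this with any tool.
        zf.writestr(EVIL_ENTRY, "<?php system($_GET['c']); ?>")
    return buf.getvalue()


def extract_vulnerable(zip_bytes: bytes, dest: str) -> List[str]:
    """'Before' pattern: join the entry name onto dest with no containment check.
    Returns the resolved absolute paths that were actually written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith("/"):
                continue
            target = os.path.join(dest, name)      # traversal happens here
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(name))
            written.append(os.path.realpath(target))
    return written


def safe_target(dest: str, name: str) -> Optional[str]:
    """Resolve `name` under `dest`; return None if it would land outside.
    realpath() also follows symlinks already present under dest, so a planted
    link cannot redirect a later write."""
    dest_real = os.path.realpath(dest)
    if os.path.isabs(name) or "\\" in name or "\x00" in name:
        return None
    candidate = os.path.realpath(os.path.join(dest_real, name))
    if os.path.commonpath([dest_real, candidate]) != dest_real:
        return None
    return candidate


def extract_hardened(zip_bytes: bytes, dest: str) -> Tuple[List[str], List[str]]:
    """Hardened version: every entry must resolve inside dest or it is skipped."""
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith("/"):
                continue
            target = safe_target(dest, name)
            if target is None:
                rejected.append(name)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(name))
            written.append(target)
    return written, rejected


def demo() -> dict:
    """Run both extractors on the constructed archive inside a temp tree and
    report which writes escaped the intended themes directory."""
    root = tempfile.mkdtemp()
    payload = build_malicious_zip()
    dest_v = os.path.join(root, "vulnerable", "app", "themes")
    dest_h = os.path.join(root, "hardened", "app", "themes")
    os.makedirs(dest_v)
    os.makedirs(dest_h)
    vuln_written = extract_vulnerable(payload, dest_v)
    hard_written, rejected = extract_hardened(payload, dest_h)
    dest_v_real = os.path.realpath(dest_v)
    return {
        "escaped": [p for p in vuln_written
                    if os.path.commonpath([dest_v_real, p]) != dest_v_real],
        "hardened_written": hard_written,
        "rejected": rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The containment test is done on the resolved path, not on the raw name: rejecting only literal `..` misses absolute names, backslash separators and symlinks that already exist in the destination, all of which `realpath` plus `commonpath` catch.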
[MEDIUM] CI4MS: Backup Management Full Account Takeover for All Roles & Privilege Escalation via Stored DOM Blind XSS
PKSA-219p-5b8k-2v2r CVE-2026-41201 GHSA-qxpq-82f3-xj47
Affected version: <0.31.5.0
Reported by: GitHub
-
[HIGH] CI4MS Vulnerable to .env CRLF Injection via Unvalidated `host` Parameter in Install Controller
PKSA-rh74-dqx1-j9wm CVE-2026-39394 GHSA-vfhx-5459-qhqh
Affected version: <=0.31.3.0
Reported by: GitHub
-
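The .env CRLF injection above is a line-injection bug: an installer that interpolates a request-controlled `host` into a key = value file lets a value containing CR/LF add further settings to that file. The following is an added example, not ci4ms code, placing the vulnerable render next to a validated one; the installer flow, the payload and the function names are constructed, and `app.baseURL` / `CI_ENVIRONMENT` are CodeIgniter 4 .env keys used only for illustration.

```python
"""Added example (not ci4ms code): an unvalidated host written into .env is a
line-injection bug. Vulnerable render beside a validated one; the installer
flow, payload and names are constructed for the demonstration."""
import re
from typing import Dict

# Constructed payload: the host carries CRLF plus a second .env line, then a
# '#' so the trailing slash and quote the template appends become a comment.
INJECTED_HOST = "example.com/'\r\nCI_ENVIRONMENT = development\r\n#"

# RFC 1123 hostname (or dotted IPv4) with an optional :port. IPv6 literals in
# brackets are deliberately out of scope for this example.
HOST_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*"
    r"(?::\d{1,5})?$"
)


def render_env_vulnerable(host: str) -> str:
    """'Before' pattern: interpolate the request-controlled host straight in."""
    return f"app.baseURL = 'https://{host}/'\n"


def validate_host(host: str) -> str:
    """Allow only hostname[:port]. Control characters (CR, LF, NUL, ...) are
    checked first because they are exactly what breaks the line structure."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in host):
        raise ValueError("control character in host")
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"host is not a valid hostname[:port]: {host!r}")
    return host


def render_env_hardened(host: str) -> str:
    """Hardened render: the value is validated before it reaches the template."""
    return f"app.baseURL = 'https://{validate_host(host)}/'\n"


def parse_env(text: str) -> Dict[str, str]:
    """Minimal reader for the 'key = value' lines of a .env file, enough to
    show how many settings the rendered text really defines."""
    out: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        out[key.strip()] = value.strip().strip("'\"")
    return out


def demo() -> dict:
    """Render the payload both ways and report what each .env would define."""
    vulnerable = parse_env(render_env_vulnerable(INJECTED_HOST))
    try:
        render_env_hardened(INJECTED_HOST)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "vulnerable_keys": sorted(vulnerable),
        "hardened_rejects_payload": rejected,
        "hardened_ok": parse_env(render_env_hardened("example.com:8443")),
    }


if __name__ == "__main__":
    print(demo())
```

Validating against an allowlist of what a host may contain is the fix; merely escaping quotes would still let CR/LF start a new line, and stripping CR/LF alone would still pass through other characters the .env parser treats specially.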
[HIGH] CI4MS Vulnerable to Post-Installation Re-entry via Cache-Dependent Install Guard Bypass
PKSA-1wjp-gt44-q5bg CVE-2026-39393 GHSA-8rh5-4mvx-xj7j
Affected version: <=0.31.3.0
Reported by: GitHub
-
[MEDIUM] CI4MS has stored XSS in Pages Content Due to Missing html_purify Sanitization
PKSA-9pcd-vkjt-q5hq CVE-2026-39392 GHSA-fjpj-6qcq-6pw2
Affected version: <=0.31.3.0
Reported by: GitHub
-
[MEDIUM] CI4MS has stored XSS via Unescaped Blacklist Note in Admin User List
PKSA-v96y-q2b3-cqc5 CVE-2026-39391 GHSA-7cm9-v848-cfh2
Affected version: <=0.31.3.0
Reported by: GitHub
-
[MEDIUM] CI4MS has stored XSS via srcdoc attribute bypass in Google Maps iframe setting
PKSA-znp8-d94g-vhxv CVE-2026-39390 GHSA-x3hr-cp7x-44r2
Affected version: <=0.31.3.0
Reported by: GitHub
-
[MEDIUM] CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files
PKSA-qjrw-zc8d-74p2 CVE-2026-39389 GHSA-9rxp-f27p-wv3h
Affected version: <=0.31.3.0
Reported by: GitHub
-
[CRITICAL] CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS
PKSA-2zsh-chw8-v8ty CVE-2026-35035 GHSA-5ghq-42rg-769x
Affected version: <=0.31.1.0
Reported by: GitHub