{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-34571/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.9,"id":"CVE-2026-34571"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["xss","web-application","cve-2026-34571"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCI4MS, a CodeIgniter 4-based CMS skeleton designed for production environments, is vulnerable to a stored XSS flaw within its backend user management system. Versions prior to 0.31.0.0 fail to adequately sanitize user-supplied input before rendering it in the administrative interface. This allows a malicious actor to inject persistent JavaScript code that executes automatically whenever a backend user accesses the compromised page. Successful exploitation grants the attacker the ability to hijack user sessions, escalate privileges to gain higher access levels, and potentially achieve complete control over administrative accounts. Users are advised to upgrade to version 0.31.0.0 or later to mitigate this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the CI4MS backend with sufficient privileges to modify user profiles or other data within the user management section.\u003c/li\u003e\n\u003cli\u003eThe attacker injects malicious JavaScript code into a user profile field, such as the \u0026ldquo;username,\u0026rdquo; \u0026ldquo;email,\u0026rdquo; or any other editable field that is not properly sanitized.\u003c/li\u003e\n\u003cli\u003eThe crafted payload is submitted and stored in the CI4MS database without proper encoding or sanitization.\u003c/li\u003e\n\u003cli\u003eA backend administrator logs into the CI4MS administrative interface and navigates to the user management section.\u003c/li\u003e\n\u003cli\u003eThe vulnerable page retrieves the unsanitized data containing the malicious JavaScript from the database and renders it in the administrator\u0026rsquo;s browser.\u003c/li\u003e\n\u003cli\u003eThe injected JavaScript code executes within the administrator\u0026rsquo;s browser session, allowing the attacker to perform actions on behalf of the administrator.\u003c/li\u003e\n\u003cli\u003eThe attacker can steal the administrator\u0026rsquo;s session cookie, allowing them to bypass authentication and gain persistent access to the administrative interface.\u003c/li\u003e\n\u003cli\u003eWith administrative access, the attacker can install malware, modify system configurations, or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this stored XSS vulnerability in CI4MS can have severe consequences, potentially leading to complete compromise of the affected system. An attacker could gain full control over administrative accounts, allowing them to modify website content, install malicious plugins, or steal sensitive data. The vulnerability poses a significant risk to organizations using vulnerable versions of CI4MS to manage their websites.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade CI4MS to version 0.31.0.0 or later to patch the vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect CI4MS XSS Attempt via HTTP POST\u003c/code\u003e to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement input validation and output encoding/escaping on all user-supplied data within the CI4MS application to prevent future XSS vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-01T22:16:21Z","date_published":"2026-04-01T22:16:21Z","id":"/briefs/2026-04-ci4ms-xss/","summary":"A stored cross-site scripting (XSS) vulnerability in CI4MS versions prior to 0.31.0.0 allows attackers to inject persistent JavaScript code into the backend user management functionality, leading to session hijacking, privilege escalation, and full administrative account compromise.","title":"CI4MS Stored XSS Vulnerability in User Management","url":"https://feed.craftedsignal.io/briefs/2026-04-ci4ms-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-34571","version":"https://jsonfeed.org/version/1.1"}