CVE-2026-41201
Severity: CRITICAL
CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2
Title source: cnaDescription
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve full account takeover and privilege escalation via a stored DOM-based XSS in the backup module's filename field: the field is manipulated through a crafted SQL file whose file name carries a hidden XSS payload. This issue has been patched in version 0.31.5.0.
References (2)
x_refsource_confirm: https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-qxpq-82f3-xj47
x_refsource_misc: https://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.5.0
Scores
CVSS v3
9.1
EPSS
0.0033
EPSS Percentile
24.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-79
Status
published
Products (2)
ci4-cms-erp/ci4ms (Packagist): 0 - 0.31.5.0
ci4-cms-erp/ci4ms: = 0.31.4.0
Published
May 07, 2026
Tracked Since
May 07, 2026