CVE-2026-34564 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: April 3, 2026
CI4MS - Stored XSS
Overview
CI4MS < 0.31.0.0 contains a stored XSS vulnerability caused by improper sanitization and output encoding of user-controlled input in Menu Management. It lets attackers execute scripts in the admin and public navigation menus. Exploitation requires crafted input.
Impact
Attackers can execute arbitrary scripts in admin and public interfaces, potentially stealing credentials or performing actions on behalf of users.
Mitigation
Update to version 0.31.0.0 or later.
Social Media Activity (1 post)
🚨 CVE-2026-34564 (CRITICAL, CVSS 9.1): ci4ms < 0.31.0.0 vulnerable to stored XSS via Menu Management. Low-priv attackers can inject scripts, impacting admins & users. Patch & audit menus now. https://radar.offseq.com/threat/cve-2026-34564-cwe-79-improper-neutralization-of-i-8f6e6ad8 #OffSeq #XSS #infosec #vuln
Details
- CVE ID: CVE-2026-34564
- Severity: Critical
- CVSS Score: 9.1
- Type: stored_xss
- Status: unconfirmed
- EPSS: 4.6%
- Social Posts: 1
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L