LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-34565

CVE-2026-34565 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: April 3, 2026

CI4MS - Stored XSS

Published: April 1, 2026Updated: April 3, 2026Remote Exploitable

Overview

CI4MS < 0.31.0.0 contains a stored XSS caused by improper sanitization and output encoding of user-controlled post data in Menu Management, letting attackers execute scripts in admin and public dashboards, exploit requires adding posts to navigation menus.

Severity & Score

Severity: Critical
CVSS Score: 9.1
EPSS Score: 4.6%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary scripts in admin and public dashboards, potentially leading to session hijacking or unauthorized actions.

Mitigation

Update to version 0.31.0.0 or later.

References

Social Media Activity(1 post)

OffSequence
OffSequence
@offseq
Apr 2, 2026

⚠️ CRITICAL: CVE-2026-34565 in ci4ms (<0.31.0.0) enables persistent XSS via menu management. Low-priv users can inject scripts impacting admins & users. Upgrade to 0.31.0.0+ now! https://radar.offseq.com/threat/cve-2026-34565-cwe-79-improper-neutralization-of-i-f662be7e #OffSeq #XSS #WebSecurity

View original post

Related Resources

Details

CVE ID
CVE-2026-34565
Severity
Critical
CVSS Score
9.1
Type
stored_xss
Status
unconfirmed
EPSS
4.6%
Social Posts
1

CWE

  • CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

EPSS Score

4.6%Probability of exploitation in the next 30 days