Home / Vulnerability Intelligence / CVE-2026-34566

CVE-2026-34566 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: April 3, 2026

CI4MS - Stored XSS

Published: April 1, 2026Updated: April 3, 2026Remote Exploitable

Overview

CI4MS < 0.31.0.0 contains a stored XSS caused by improper sanitization of user input in Page Management, letting attackers inject JavaScript payloads that execute in admin and public views, exploit requires crafted input.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 4.6%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary JavaScript in admin and public pages, leading to session hijacking or unauthorized actions.

Mitigation

Update to version 0.31.0.0 or later.

References

Social Media Activity(1 post)

OffSequence

@offseq

Apr 2, 2026

🚨 CVE-2026-34566: Critical stored XSS (CVSS 9.1) in ci4ms < 0.31.0.0. Attackers can inject persistent JS via Page Management, impacting admins & users. Upgrade to 0.31.0.0+, audit content, enable CSP. Details: https://radar.offseq.com/threat/cve-2026-34566-cwe-79-improper-neutralization-of-i-937ed996 #OffSeq #XSS #Vuln #Infosec

View original post

Related Resources

Details

CVE ID: CVE-2026-34566
Severity: Critical
CVSS Score: 9.1
Type: stored_xss
Status: unconfirmed
EPSS: 4.6%
Social Posts: 1

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

EPSS Score

4.6%Probability of exploitation in the next 30 days