Home / Vulnerability Intelligence / CVE-2026-34567

CVE-2026-34567 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: April 3, 2026

CI4MS - Stored XSS

Published: April 1, 2026Updated: April 3, 2026Remote Exploitable

Overview

CI4MS < 0.31.0.0 contains a stored cross-site scripting caused by improper sanitization of user input in Categories content, letting attackers inject malicious JavaScript payloads executed when viewing blog posts, exploit requires user interaction.

Severity & Score

Severity: Critical

CVSS Score: 9.1

EPSS Score: 4.6%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary JavaScript in users' browsers, potentially stealing credentials or performing actions on behalf of users.

Mitigation

Update to version 0.31.0.0 or later.

References

Social Media Activity(1 post)

OffSequence

@offseq

Apr 2, 2026

CRITICAL: CVE-2026-34567 in ci4ms (<0.31.0.0) enables stored XSS via blog categories. Attackers can hijack sessions or steal data. Upgrade to 0.31.0.0 ASAP & audit for injected scripts. https://radar.offseq.com/threat/cve-2026-34567-cwe-79-improper-neutralization-of-i-5c12fe3e #OffSeq #XSS #InfoSec #CVE202634567

View original post

Related Resources

Details

CVE ID: CVE-2026-34567
Severity: Critical
CVSS Score: 9.1
Type: stored_xss
Status: unconfirmed
EPSS: 4.6%
Social Posts: 1

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

EPSS Score

4.6%Probability of exploitation in the next 30 days