โ† Back to Dashboard

CVE-2026-41201

CRITICAL NVD
CVSS Score
9.1
Severity
CRITICAL
Source
NVD
Published
May 07, 2026
Description

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated via a sql file that tampers with the file name field to contain hidden XSS payload. This issue has been patched in version 0.31.5.0.

View Full Details โ† Back