top of page
perceptive_background_267k.jpg

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0 …

Published:

5 April 2026 at 22:00:00

Alert date:

6 April 2026 at 18:04:04

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

CI4MS, a CodeIgniter 4-based CMS skeleton, contains a stored cross-site scripting vulnerability in versions prior to 0.31.2.0. The vulnerability exists in the System Settings – Company Information section where administrative configuration fields fail to properly sanitize user input. Attacker-controlled input is stored server-side and rendered without proper output encoding on public-facing pages. The vulnerability only impacts the public frontend, not the administrative dashboard. The issue has been fixed in version 0.31.2.0.

Technical details

Mitigation steps:

Affected products:

CI4MS
CodeIgniter 4

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-35035
https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-5ghq-42rg-769x

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page