


Perceptive Security
SOC/SIEM Consultancy

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0 …
Published:
5 April 2026 at 22:00:00
Alert date:
6 April 2026 at 18:04:04
Source:
nvd.nist.gov
Web Technologies
CI4MS, a CodeIgniter 4-based CMS skeleton, contains a stored cross-site scripting vulnerability in versions prior to 0.31.2.0. The vulnerability exists in the System Settings – Company Information section where administrative configuration fields fail to properly sanitize user input. Attacker-controlled input is stored server-side and rendered without proper output encoding on public-facing pages. The vulnerability only impacts the public frontend, not the administrative dashboard. The issue has been fixed in version 0.31.2.0.
Technical details
Affected products:
CI4MS
CodeIgniter 4
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-35035
https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-5ghq-42rg-769x
This article was created with the assistance of AI technology by Perceptive.
