{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34557", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T16:31:39.265Z", "datePublished": "2026-03-30T20:24:24.126Z", "dateUpdated": "2026-03-31T14:10:46.649Z"}, "containers": {"cna": {"title": "CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-rpjr-985c-qhvm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-rpjr-985c-qhvm"}], "affected": [{"vendor": "ci4-cms-erp", "product": "ci4ms", "versions": [{"version": "< 0.31.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T20:24:24.126Z"}, "descriptions": [{"lang": "en", "value": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within group and role management functionality. Multiple input fields (three distinct group-related fields) can be injected with malicious JavaScript payloads, which are then stored server-side. These stored payloads are later rendered unsafely within privileged administrative views without proper output encoding, leading to stored cross-site scripting (XSS) within the role and permission management context. This issue has been patched in version 0.31.0.0."}], "source": {"advisory": "GHSA-rpjr-985c-qhvm", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-rpjr-985c-qhvm", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T14:10:40.483565Z", "id": "CVE-2026-34557", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T14:10:46.649Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS", "source": {"advisory": "GHSA-rpjr-985c-qhvm", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ci4-cms-erp", "product": "ci4ms", "versions": [{"status": "affected", "version": "< 0.31.0.0"}]}], "references": [{"url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-rpjr-985c-qhvm", "name": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-rpjr-985c-qhvm", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within group and role management functionality. Multiple input fields (three distinct group-related fields) can be injected with malicious JavaScript payloads, which are then stored server-side. These stored payloads are later rendered unsafely within privileged administrative views without proper output encoding, leading to stored cross-site scripting (XSS) within the role and permission management context. This issue has been patched in version 0.31.0.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T20:24:24.126Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34557", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T14:10:40.483565Z"}}}], "references": [{"url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-rpjr-985c-qhvm", "tags": ["exploit"]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-31T14:08:34.522Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-34557", "state": "PUBLISHED", "dateUpdated": "2026-03-30T20:24:24.126Z", "dateReserved": "2026-03-30T16:31:39.265Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-30T20:24:24.126Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within group and role management functionality. Multiple input fields (three distinct group-related fields) can be injected with malicious JavaScript payloads, which are then stored server-side. These stored payloads are later rendered unsafely within privileged administrative views without proper output encoding, leading to stored cross-site scripting (XSS) within the role and permission management context. This issue has been patched in version 0.31.0.0."}, {"lang": "es", "value": "CI4MS es un esqueleto de CMS basado en CodeIgniter 4 que ofrece una arquitectura modular lista para producci\u00f3n con autorizaci\u00f3n RBAC y soporte de temas. Antes de la versi\u00f3n 0.31.0.0, la aplicaci\u00f3n no logra sanitizar correctamente la entrada controlada por el usuario dentro de la funcionalidad de gesti\u00f3n de grupos y roles. M\u00faltiples campos de entrada (tres campos distintos relacionados con grupos) pueden ser inyectados con cargas \u00fatiles de JavaScript maliciosas, las cuales son luego almacenadas en el servidor. Estas cargas \u00fatiles almacenadas son luego renderizadas de forma insegura dentro de vistas administrativas privilegiadas sin una codificaci\u00f3n de salida adecuada, lo que lleva a cross-site scripting (XSS) almacenado dentro del contexto de gesti\u00f3n de roles y permisos. Este problema ha sido parcheado en la versi\u00f3n 0.31.0.0."}], "id": "CVE-2026-34557", "lastModified": "2026-03-31T15:16:20.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.3, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-30T21:17:10.323", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-rpjr-985c-qhvm"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-rpjr-985c-qhvm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}