{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34558", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T16:31:39.265Z", "datePublished": "2026-03-30T20:24:36.374Z", "dateUpdated": "2026-03-31T15:25:20.115Z"}, "containers": {"cna": {"title": "CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-v77r-xg3p-75g7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-v77r-xg3p-75g7"}], "affected": [{"vendor": "ci4-cms-erp", "product": "ci4ms", "versions": [{"version": "< 0.31.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T20:24:36.374Z"}, "descriptions": [{"lang": "en", "value": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Methods Management functionality when creating or managing application methods/pages. Multiple input fields accept attacker-controlled JavaScript payloads that are stored server-side without sanitization or output encoding. These stored values are later rendered directly into administrative interfaces and global navigation components without proper encoding, resulting in Stored DOM-Based Cross-Site Scripting (XSS). This issue has been patched in version 0.31.0.0."}], "source": {"advisory": "GHSA-v77r-xg3p-75g7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T15:25:04.512810Z", "id": "CVE-2026-34558", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T15:25:20.115Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS", "source": {"advisory": "GHSA-v77r-xg3p-75g7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ci4-cms-erp", "product": "ci4ms", "versions": [{"status": "affected", "version": "< 0.31.0.0"}]}], "references": [{"url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-v77r-xg3p-75g7", "name": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-v77r-xg3p-75g7", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Methods Management functionality when creating or managing application methods/pages. Multiple input fields accept attacker-controlled JavaScript payloads that are stored server-side without sanitization or output encoding. These stored values are later rendered directly into administrative interfaces and global navigation components without proper encoding, resulting in Stored DOM-Based Cross-Site Scripting (XSS). This issue has been patched in version 0.31.0.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T20:24:36.374Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34558", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T15:25:04.512810Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-31T15:25:16.390Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-34558", "state": "PUBLISHED", "dateUpdated": "2026-03-30T20:24:36.374Z", "dateReserved": "2026-03-30T16:31:39.265Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-30T20:24:36.374Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Methods Management functionality when creating or managing application methods/pages. Multiple input fields accept attacker-controlled JavaScript payloads that are stored server-side without sanitization or output encoding. These stored values are later rendered directly into administrative interfaces and global navigation components without proper encoding, resulting in Stored DOM-Based Cross-Site Scripting (XSS). This issue has been patched in version 0.31.0.0."}], "id": "CVE-2026-34558", "lastModified": "2026-03-30T21:17:10.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.3, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-30T21:17:10.493", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-v77r-xg3p-75g7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,0.31.0.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "ci4ms", "source": "cna", "vendor": "ci4-cms-erp"}, "product": "ci4ms", "vendor": "ci4-cms-erp"}], "analysis": {"en": {"generated_at": "2026-03-31T06:25:32.216011+00:00", "value": {"mitigation_remediation": ["Apply the official patch by upgrading CI4MS to version 0.31.0.0 or later", "If an immediate upgrade is impossible, temporarily disable or restrict access to the Methods Management functionality until the patch is deployed", "As an interim measure, perform server\u2011side input filtering or output encoding on all fields accepting user input in the management panel", "Consider deploying a WAF rule to block script injections targeting the CMS management endpoints"], "summary": {"action": "Patching", "impact": "Stored DOM XSS enabling full account takeover"}, "threat_synthesis": {"affected_systems": "All CI4MS releases earlier than 0.31.0.0 are susceptible. The weakness resides in the Methods Management component of the CMS, where users can create or modify application methods and pages via web forms.", "description_and_impact": "CI4MS, a CodeIgniter\u2011based CMS framework, stores JavaScript payloads submitted through the Methods Management panel without sanitization or encoding. The stored script is later injected into administrative pages and global navigation, causing a stored, DOM\u2011based cross\u2011site scripting vulnerability. The flaw allows an attacker to execute code in the session of any user who views the affected content, potentially leading to complete administrative compromise and privilege escalation.", "risk_and_exploitability": "The base CVSS score of 9.1 reflects a high\u2011severity condition with no network or authentication requirements beyond normal CMS usage. The exploit is straightforward: craft a malicious script, submit it through the management interface, and trigger its execution when an administrator accesses the affected view. Although EPSS data is lacking and the vulnerability is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog, the high CVSS and low attack complexity make it likely to be abused if unpatched."}}}}, "created": "2026-03-31T19:59:56.316328+00:00", "updated": "2026-03-31T20:40:09.729379+00:00", "vendors": ["ci4-cms-erp", "ci4-cms-erp$PRODUCT$ci4ms"]}