Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Vulnerability Description
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a malicious JavaScript payload into blog post content, which is then stored server-side. This stored payload is later rendered unsafely in multiple application views without proper output encoding, leading to stored cross-site scripting (XSS). This issue has been patched in version 0.31.0.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
CI4MS 跨站脚本漏洞
Vulnerability Description
CI4MS是Ci4MS开源的一个博客页面管理工具。 CI4MS 0.31.0.0之前版本存在跨站脚本漏洞,该漏洞源于创建或编辑博客文章时未正确清理用户输入,可能导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A