UNKNOWN

CVE-2026-34989

CVE-2026-34989: ci4-cms-erp/ci4ms <=0.31.3.0 Stored XSS

Platform

php

Component

ci4-cms-erp/ci4ms

Fixed in

31.0.0.0

CVE-2026-34989 is a critical Stored Cross-Site Scripting (XSS) vulnerability in ci4-cms-erp/ci4ms versions 0.31.3.0 and earlier. The application fails to properly sanitize user-controlled input when updating the profile name, allowing an attacker to inject malicious JavaScript code. This code is then executed in multiple application views. Upgrade to version 31.0.0.0 to fix this vulnerability.

How to fix

No official patch available. Check for workarounds or monitor for updates.

Frequently asked questions

What is CVE-2026-34989?

CVE-2026-34989 is a stored XSS vulnerability in ci4-cms-erp/ci4ms that allows attackers to inject malicious JavaScript code into user profiles.

Am I affected by CVE-2026-34989?

You are affected if you are using ci4-cms-erp/ci4ms version 0.31.3.0 or earlier.

How do I fix CVE-2026-34989?

Upgrade to ci4-cms-erp/ci4ms version 31.0.0.0 or later.
