Platform: php
Component: ci4-cms-erp/ci4ms
Fixed in: 0.31.1, 0.31.0.0
CVE-2026-34564 describes a stored DOM Cross-Site Scripting (XSS) vulnerability within the ci4-cms-erp/ci4ms CMS. This vulnerability allows attackers to inject malicious scripts that are persistently stored and rendered, potentially compromising administrative interfaces and public-facing navigation menus. The vulnerability affects versions of ci4-cms-erp/ci4ms up to and including 0.28.6.0, with a fix available in version 0.31.0.0.
The impact of this XSS vulnerability is significant due to its persistent nature. An attacker can inject malicious JavaScript code when adding pages to navigation menus. This code is then stored server-side and rendered whenever a user, including administrators, views the menu. Successful exploitation could allow an attacker to steal session cookies, redirect users to phishing sites, deface the website, or execute arbitrary code within the context of the user's browser. Given the CMS ERP nature of the application, sensitive data such as customer information, financial records, and operational data could be at risk. The stored nature of the payload means that the attack persists even after the initial injection, affecting all subsequent users who view the affected menu.
CVE-2026-34564 was publicly disclosed on 2026-04-01. There is currently no indication of this vulnerability being actively exploited in the wild, nor is it listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet available, but the relatively high CVSS score (9.1) suggests a high probability of exploitation if a PoC is released. The vulnerability's stored nature makes it particularly attractive to attackers.
Organizations using ci4-cms-erp/ci4ms for their ERP or CMS systems, particularly those with custom menu configurations or integrations, are at risk. Shared hosting environments where multiple websites share the same server instance are also at increased risk, as a vulnerability in one website could potentially impact others.
• php: Examine the menu.php file (or equivalent menu management file) for unsanitized user input related to page titles and descriptions. Search for instances where data from the database is directly rendered in HTML without proper encoding.
// Example of vulnerable code (simplified): the request value is echoed into the page without any output encoding
<?php echo $_GET['page_title']; ?>
• generic web: Monitor access logs for unusual requests targeting menu-related endpoints with potentially malicious payloads in the URL parameters. Look for POST requests to menu management forms containing suspicious characters.
# literal match; payloads in access logs are usually URL-encoded, so also search for the encoded form (%3Cscript)
grep -i '<script' /var/log/apache2/access.log
Exploit status
EPSS: 0.04% (13th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-34564 is to upgrade to version 0.31.0.0 or later, which contains the necessary fix. If upgrading immediately is not possible, consider implementing temporary workarounds. Input validation and output encoding should be implemented on all user-supplied data used in menu rendering. Web Application Firewalls (WAFs) can be configured to detect and block XSS payloads targeting the menu management functionality. Specifically, look for patterns related to JavaScript injection within page titles or descriptions. Review and sanitize any custom menu rendering code. After upgrading, confirm the fix by adding a page to a menu with a test payload (e.g., <script>alert('XSS')</script>) and verifying that the script is not executed when the menu is viewed.
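The detection hint above (data from the database echoed straight into the menu markup) and the mitigation (output encoding on every stored field used in menu rendering) side by side, as an added example that is not ci4ms project code. The field names, the two render functions and the PHP 8 runtime are assumptions; the sample rows are constructed, the second one carrying the advisory's own test payload.

```php
<?php
// Added example (not ci4ms code): a stored menu entry rendered the unsafe way
// and the hardened way. Field names and function names are assumptions.
declare(strict_types=1);

/** Encode a stored value for an HTML text node or a double-quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: database values concatenated into the markup as-is. */
function renderMenuUnsafe(array $items): string
{
    $html = '<ul class="nav">';
    foreach ($items as $item) {
        $html .= '<li><a href="' . $item['url'] . '" title="' . $item['description'] . '">'
               . $item['title'] . '</a></li>';
    }
    return $html . '</ul>';
}

/** Hardened pattern: every stored field is encoded at the point of output. */
function renderMenuSafe(array $items): string
{
    $html = '<ul class="nav">';
    foreach ($items as $item) {
        $html .= '<li><a href="' . h($item['url']) . '" title="' . h($item['description']) . '">'
               . h($item['title']) . '</a></li>';
    }
    return $html . '</ul>';
}

// Constructed sample rows: a benign entry and one whose title is the advisory's test payload.
$menu = [
    ['title' => 'Home', 'url' => '/', 'description' => 'Start page'],
    ['title' => "<script>alert('XSS')</script>", 'url' => '/about', 'description' => 'Test payload'],
];

$unsafe = renderMenuUnsafe($menu);
$safe   = renderMenuSafe($menu);

// The unsafe output carries a live <script> element; the safe output only its escaped text.
assert(str_contains($unsafe, '<script>'));
assert(!str_contains($safe, '<script>'));
assert(str_contains($safe, '&lt;script&gt;alert(&#039;XSS&#039;)&lt;/script&gt;'));
echo $safe, PHP_EOL;
```

In a CodeIgniter 4 view the same encoding is available through the framework's esc() helper, which this stand-alone script replaces with htmlspecialchars() so it runs without the framework.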
Update ci4ms to version 0.31.0.0 or later. This version fixes the stored XSS vulnerability in menu management, preventing malicious code from executing in users' browsers.
CVE-2026-34564 is a critical stored DOM XSS vulnerability in ci4-cms-erp/ci4ms versions up to 0.28.6.0, allowing attackers to inject malicious scripts via menu entries.
Yes, if you are using ci4-cms-erp/ci4ms version 0.28.6.0 or earlier, you are vulnerable to this XSS attack.
Upgrade to version 0.31.0.0 or later of ci4-cms-erp/ci4ms. As a temporary workaround, implement strict input validation and output encoding.
While no public exploits are currently known, the high CVSS score and ease of exploitation suggest a potential for active exploitation.
Refer to the official ci4-cms-erp project repository or website for the latest security advisories and updates.