CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-34567 — CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo...

Wednesday, April 1, 2026 at 10:16 PM UTC·Source: NIST NVD

Updated: Monday, April 6, 2026 at 04:42 PM UTC

Executive Summary

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts within the Categories section. An attacker can inject a malicious JavaScript payload into the Categories content, which is then st

Analysis

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts within the Categories section. An attacker can inject a malicious JavaScript payload into the Categories content, which is then stored server-side. This stored payload is later rendered unsafely when the Categories are viewed via blog posts, without proper output encoding, leading to stored cross-site scripting (XSS). This issue has been patched in version 0.31.0.0. CVSS Score: 9.1. Published: 2026-04-01T22:16:20.420.

Indicators of Compromise (2)

CVE (1)
CVE-2026-34567
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on Apr 1, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Coinbase wins conditional approval for national trust bank charter

Coinbase is the latest digital asset firm to receive conditional approval from US regulators for a national trust bank charter.

Finextra
LOWVulnerabilityNEW

Businesses ready to embrace AI-to-AI commerce, consumers more wary - Visa survey

AI-to-AI commerce looks poised to scale, with more than half of US businesses willing to allow agents to negotiate prices and terms directly with other agents on their behalf, according to a survey from Visa.

Finextra
CRITICALVulnerabilityNEW

Trump's Budget Proposal Would Slash CISA After Bruising Year

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/trumps-budget-proposal-would-slash-cisa-after-bruising-year-image_small-6-a-31352.jpg" align=right hspace=4><b>White House Criticizes Cyber Defense Agency - and Proposes a Steep $700 Million Cut</b><br>The FY2027 proposal would cut roughly $707 million from CISA, reducing staffing, contractor support and coordination programs whil

Bank Info Security