CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation...

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated via a sql file that tampers with the file name field to contain hidden XSS payload. This issue has been patched in version 0.31.5.0.

AI Analysis

Stored DOM XSS vulnerability in the backup module filename field, allowing for full account takeover and privilege escalation

Basic Information

ID CVE-2026-41201

Source GitHub_M

Published May 7, 2026 at 03:16

Affected Product

Vendor ci4-cms-erp

Product ci4ms

Version = 0.31.4.0

Affected Versions ci4-cms-erp ci4ms = 0.31.4.0

CWE Classification

CWE-79

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor ci4-cms-erp

Product CI4MS

Version 0.31.4.0

References

{
    "lastseen": "",
    "description": "CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated via a sql file that tampers with the file name field to contain hidden XSS payload. This issue has been patched in version 0.31.5.0.",
    "published": "2026-05-07T03:16:41.280Z",
    "modified": "2026-05-07T03:16:41.280Z",
    "type": "cve",
    "title": "CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2",
    "source": "GitHub_M",
    "references": "https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-qxpq-82f3-xj47\nhttps://github.com/ci4-cms-erp/ci4ms/releases/tag/0.31.5.0",
    "id": "CVE-2026-41201",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "ci4-cms-erp ci4ms = 0.31.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ci4ms",
    "version": "= 0.31.4.0",
    "vendor": "ci4-cms-erp",
    "ai_description": "Stored DOM XSS vulnerability in the backup module filename field, allowing for full account takeover and privilege escalation",
    "ai_severity": "Critical",
    "ai_vendor": "ci4-cms-erp",
    "ai_product": "CI4MS",
    "ai_version": "0.31.4.0",
    "ai_score": 9.1
}

CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2_CVE-2026-41201