ci4-cms-erp
Enterprise Software · unknown
Latest CVEs
The 15 most recently published vulnerabilities affecting ci4-cms-erp.
- CVE-2026-41201: CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2 (score 9.1)
- CVE-2026-39394: CI4MS has an .env CRLF Injection via Unvalidated `host` Parameter in Install Controller (score 8.1)
- CVE-2026-39393: Post-Installation Re-entry via Cache-Dependent Install Guard Bypass in ci4ms (score 8.1)
- CVE-2026-39392: CI4MS has Stored XSS in Pages Content Due to Missing html_purify Sanitization (score 5.5)
- CVE-2026-39391: CI4MS has Stored XSS via Unescaped Blacklist Note in Admin User List (score 4.8)
- CVE-2026-39390: CI4MS has Stored XSS via srcdoc attribute bypass in Google Maps iframe setting (score 5.5)
- CVE-2026-39389: CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files (score 6.7)
- CVE-2026-35035: CI4MS Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS (score 7.2)
- CVE-2026-34989: CI4MS affected by Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS (score 9.0)
- CVE-2026-34572: CI4MS: Account Deactivation Module Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw) (score 8.8)
- CVE-2026-34571: CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise (score 9.9)
- CVE-2026-34570: CI4MS: Account Deletion Module Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw) (score 8.8)
- CVE-2026-34569: CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS (score 9.9)
- CVE-2026-34568: CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS (score 9.1)
- CVE-2026-34567: CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS (score 9.1)