Vulnerabilities in ci4-cms-erp

33 results
CVE-2026-34557 | CRITICAL | CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | EPSS 0.3%
CVE-2026-34558 | CRITICAL | CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | EPSS 0.3%
CVE-2026-34989 | CRITICAL | CI4MS affected by Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | EPSS 0.3%
CVE-2026-34562 | MEDIUM | CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | EPSS 0.3%
CVE-2026-34563 | CRITICAL | CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS | EPSS 0.3%
CVE-2026-41891 | MEDIUM | CI4MS: Deactivated User Session Bypass (active=0) | EPSS 0.3%
CVE-2026-34565 | CRITICAL | CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | EPSS 0.3%
CVE-2026-34566 | CRITICAL | CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | EPSS 0.3%
CVE-2026-34567 | CRITICAL | CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | EPSS 0.3%
CVE-2026-39392 | MEDIUM | CI4MS has Stored XSS in Pages Content Due to Missing html_purify Sanitization | EPSS 0.2%
CVE-2026-39390 | MEDIUM | CI4MS has Stored XSS via srcdoc attribute bypass in Google Maps iframe setting | EPSS 0.2%
CVE-2026-39391 | MEDIUM | CI4MS has Stored XSS via Unescaped Blacklist Note in Admin User List | EPSS 0.2%
CVE-2026-34561 | MEDIUM | CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | EPSS 0.2%