Law6Zx7

**Name of the Vulnerable Software and Affected Versions** CI4MS versions prior to 0.31.0.0 **Description** CI4MS, a CodeIgniter 4-based CMS, is susceptible to a stored Cross-site Scripting (XSS) issue within the System Settings – Social Media Management section. The application does not properly sanitize user-controlled input in the 'Social Media' and 'Social Media Link' configuration fields, leading to the storage and subsequent rendering of malicious payloads without appropriate output encoding. This results in same-page DOM-based XSS, where the injected payload breaks out of the input attribute context and executes immediately in the browser of an authenticated user managing settings. The affected functionality includes the System Settings – Social Media Management configuration, same-page rendering of user-controlled input fields, DOM attribute injection within form inputs, and the storage and retrieval of social media configuration values. An attacker can inject a malicious JavaScript payload into these fields, which is then stored and re-rendered without sanitization, leading to arbitrary JavaScript execution, potential administrative privilege escalation, and full account or platform compromise. The vulnerable API endpoint is `/backend/settings/`. The vulnerable parameters are `Social Media` and `Social Media Link`. **Recommendations** Versions prior to 0.31.0.0 should be updated to version 0.31.0.0 or later. Avoid unsafe DOM manipulation methods such as `.html()` and `innerHTML`. Implement HTML entity encoding on all user-controlled data before rendering it in the browser. Implement input sanitization to ensure all user-supplied input is properly sanitized before processing or output. Enforce security headers and cookie attributes, including Content Security Policy (CSP), the `HttpOnly` flag on session cookies, the `SameSite` attribute on cookies, and the `Secure` flag for HTTPS transmission.

**Name of the Vulnerable Software and Affected Versions** CI4MS versions prior to 0.31.0.0 **Description** CI4MS fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative configuration fields, including Company Name, Slogan, Company Phone, Company Mobile, Company Email, Google Maps iframe link, and Company Logo, accept attacker-controlled input that is stored server-side and later rendered without proper output encoding. This results in stored DOM-based Cross-Site Scripting (XSS) with immediate same-page execution. The vulnerability allows an attacker to inject a malicious JavaScript payload into these fields, which breaks out of the HTML attribute context and executes in the browser of the authenticated user managing settings. This can lead to administrative privilege escalation and full platform compromise. The affected API endpoint is `/backend/settings/` (Company Information). The vulnerable parameters are the input fields within the Company Information section. **Recommendations** Versions prior to 0.31.0.0: Upgrade to version 0.31.0.0 or later to address the vulnerability. Avoid unsafe DOM manipulation methods such as `.html()` and `innerHTML`. Apply HTML entity encoding to all user-controlled data before rendering it in the browser. Implement input sanitization to ensure all user-supplied input is properly sanitized before processing or output.

**Name of the Vulnerable Software and Affected Versions**: CI4MS versions prior to 0.31.0.0 **Description**: CI4MS, a CodeIgniter 4-based CMS skeleton, contains a Stored Cross-Site Scripting (Stored XSS) issue in the backend user management functionality. The application does not properly sanitize user-controlled input before rendering it in the administrative interface, allowing attackers to inject persistent JavaScript code. This code executes automatically when backend users access the affected page, potentially enabling session hijacking, privilege escalation, and full administrative account compromise. The vulnerability resides in the backend user creation feature accessible via the `/backend/users` API endpoint. User-supplied input in the `name` and `surname` fields is stored without validation or sanitization and is then injected into the HTML without output encoding. This allows attackers to embed malicious JavaScript payloads that execute in the context of authenticated backend users. **Recommendations**: Update CI4MS to version 0.31.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** CI4MS versions prior to 0.31.0.0 **Description** CI4MS, a CodeIgniter 4-based CMS skeleton, does not properly sanitize user-controlled input within System Settings – Mail Settings. Configuration fields, including Mail Server, Mail Port, Email Address, Email Password, Mail Protocol, and TLS settings, accept attacker-controlled input that is stored server-side and rendered without proper output encoding. This results in stored, same-page DOM-based Cross-Site Scripting (XSS). The issue allows an attacker to inject a malicious JavaScript payload into these fields, which then executes immediately on the same settings page in the browser context of the authenticated user. The affected functionality includes the System Settings – Mail Settings configuration and the rendering of user-controlled input fields. The API endpoint `/backend/settings/` (Mail Settings) is involved. Vulnerable parameters include `Mail Server`, `Mail Port`, `Email Address`, `Email Password`, `Mail Protocol`, and `Domain`. **Recommendations** Versions prior to 0.31.0.0 should be updated to version 0.31.0.0 or later. Apply proper HTML encoding and input sanitization for all configuration fields. Enforce CSP, HttpOnly, SameSite, and Secure flags for cookies to reduce the severity of XSS and potential CSRF escalation. Audit all other system settings fields for similar attribute injection vulnerabilities.