PT-2026-29624 · Ci4Ms

Bugmithlegend · Published 2026-04-01 · Updated 2026-04-01

CVE-2026-34559 · CVSS v3.1 9.1 (Critical) · AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
CI4MS versions prior to 0.31.0.0

Description
The application does not properly sanitize user-controlled input when creating or editing blog tags. An attacker can inject a malicious JavaScript payload into the tag name field, which is then stored server-side. This stored payload is rendered unsafely across public tag pages and administrative interfaces without proper output encoding, leading to stored cross-site scripting (XSS). The affected functionality includes blog tag creation, editing, storage, and retrieval logic. The vulnerability can lead to the execution of arbitrary JavaScript in victims' browsers, potentially resulting in privilege escalation, full administrator account takeover, and full application compromise. The affected endpoints are /backend/blogs/tags/ and /blog/{id}. The vulnerable parameter is the tag name field.

Recommendations
Apply output encoding to all user-controlled data before rendering it in the browser, using the encoding appropriate to the context (HTML text, attribute, URL). Implement input sanitization so that all user-supplied input is validated before it is processed or stored. Avoid unsafe DOM manipulation methods such as jQuery's .html() and innerHTML; assign user data with text-only APIs instead. Enforce security headers and cookie attributes, including a Content Security Policy (CSP), the HttpOnly flag on session cookies, the SameSite attribute, and the Secure flag.
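The output-encoding and cookie recommendations above, as an added JavaScript example that is not code from the Ci4Ms project or the advisory author: it places the raw string-concatenation pattern next to a context-aware encoded render, shows the textContent alternative to innerHTML for browser-side rendering, and builds the session-cookie and CSP header values the advisory lists. The tag object shape, the /blog/tags/{id} link path, the header values and the sample tag name are constructed assumptions.

```javascript
// Added example (not Ci4Ms project code): output encoding for a stored blog
// tag name, plus the cookie and CSP settings the advisory recommends.
// Tag shape, link path, header values and sample data are constructed.

// Encode the five characters that matter in HTML text and attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern (the "before"): the stored tag name is concatenated raw,
// so any markup an attacker saved in the tag name is parsed by the browser.
function renderTagUnsafe(tag) {
  return `<a class="tag" href="/blog/tags/${tag.id}">${tag.name}</a>`;
}

// Hardened pattern: every user-controlled value is encoded for the context
// it lands in (URL path segment for the id, HTML text for the name).
function renderTagSafe(tag) {
  const id = encodeURIComponent(String(tag.id));
  const name = escapeHtml(tag.name);
  return `<a class="tag" href="/blog/tags/${id}">${name}</a>`;
}

// Browser-side equivalent: textContent assigns text, innerHTML parses markup.
// Takes a DOM container, so this one is only meaningful in a browser.
function appendTagToDom(container, tag) {
  const a = container.ownerDocument.createElement('a');
  a.className = 'tag';
  a.setAttribute('href', '/blog/tags/' + encodeURIComponent(String(tag.id)));
  a.textContent = tag.name; // never a.innerHTML = tag.name
  container.appendChild(a);
  return a;
}

// Regression check a test suite can run over rendered fragments: true when a
// tag name containing angle brackets reached the output unencoded.
function containsRawMarkup(html, tagName) {
  return /[<>]/.test(tagName) && html.includes(tagName);
}

// Session cookie attributes from the recommendations (hypothetical cookie name).
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// A restrictive CSP that blocks inline and third-party script; an assumed
// starting policy, to be loosened only for sources the application needs.
const CONTENT_SECURITY_POLICY =
  "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'";

// Constructed sample: a tag name that carries markup, as an attacker might store it.
const SAMPLE_TAG = { id: 7, name: '<b onmouseover="x">news</b>' };

console.log('unsafe:', renderTagUnsafe(SAMPLE_TAG));
console.log('safe:  ', renderTagSafe(SAMPLE_TAG));
console.log('cookie:', sessionCookieHeader('ci_session', 'opaque-session-id'));
console.log('csp:   ', CONTENT_SECURITY_POLICY);
```

On the server side the same rule applies in the PHP view that renders the tag; CodeIgniter 4, the framework Ci4Ms is built on, ships an `esc()` helper that performs this context-aware encoding, and the browser-side textContent assignment above is the equivalent for any JavaScript that injects tag names into an already-loaded page.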

Fix

XSS

Weakness Enumeration

Related Identifiers
CVE-2026-34559
GHSA-4333-387X-W245

Affected Products
Ci4Ms