PT-2026-29629 · Ci4Ms · Ci4Ms

Bugmithlegend +1 · Published 2026-04-01 · Updated 2026-04-02 · CVE-2026-34564

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0

Description: The application does not properly sanitize user-controlled input when adding Pages to navigation menus through the Menu Management functionality. Page-related data selected via the Pages section is stored server-side and rendered without proper output encoding. The stored payload is then rendered unsafely both in administrative interfaces and in public-facing navigation menus, resulting in stored DOM-based cross-site scripting (XSS). The vulnerable functionality includes the Menu Management – Pages section, the act of adding pages to navigation menus, and the menu storage and rendering logic. An attacker who can create or control a page containing a malicious JavaScript payload can add that page to the menu, after which the payload executes whenever the menu is rendered. This can lead to privilege escalation, full administrator account takeover, and full compromise of the application. The vulnerable API endpoint is /backend/menu/.

Recommendations: For versions prior to 0.31.0.0, upgrade to version 0.31.0.0 or later to address the vulnerability. Avoid unsafe DOM manipulation methods such as .html() and innerHTML. Apply HTML entity encoding to all user-controlled data before rendering it in the browser. Implement input sanitization so that all user-supplied input is properly sanitized before processing or output. Enforce security headers and cookie attributes, including Content Security Policy (CSP), the HttpOnly flag, the SameSite attribute, and the Secure flag.
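The following is an added illustration of the rendering defect and the recommended fix; it is not CI4MS code, and the menu records, field names and helper functions are constructed for the example. It contrasts the pattern the advisory describes (stored page fields concatenated into markup and handed to innerHTML/.html()) with the same renderer after HTML entity encoding, and adds one caveat the advisory does not spell out: an href taken from stored data also needs a scheme check, because entity encoding alone does not neutralise a "javascript:" link.

```javascript
// Constructed sample of what a menu store might hold after a page with
// markup in its title has been added via the Pages section (field names assumed).
const storedMenuItems = [
  { id: 1, title: "Home", url: "/" },
  { id: 2, title: "About <b>us</b>", url: "/about" },
  { id: 3, title: '<img src=x onerror="alert(1)">', url: "/x" },
];

// Encode the five characters that let text break out of an HTML text node
// or a double-quoted attribute value.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Only relative paths and http(s) URLs are accepted for a menu link; anything
// else (including a "javascript:" scheme or a protocol-relative "//host") is
// replaced by an inert placeholder.
function safeHref(url) {
  const u = String(url).trim();
  if (u.startsWith("/") && !u.startsWith("//")) return u;
  if (/^https?:\/\//i.test(u)) return u;
  return "#";
}

// Vulnerable pattern: stored fields go straight into the markup string that
// is later assigned to innerHTML / passed to .html(), so markup in a title
// becomes live DOM in every admin view and public page that shows the menu.
function renderMenuUnsafe(items) {
  return "<ul>" +
    items.map(i => `<li><a href="${i.url}">${i.title}</a></li>`).join("") +
    "</ul>";
}

// Hardened pattern: every user-controlled value is entity-encoded (and the
// href scheme-checked) before it is placed in the markup, so the title is
// displayed literally instead of being parsed as HTML.
function renderMenuSafe(items) {
  return "<ul>" +
    items.map(i =>
      `<li><a href="${escapeHtml(safeHref(i.url))}">${escapeHtml(i.title)}</a></li>`
    ).join("") +
    "</ul>";
}
```

In a browser the equivalent DOM-API approach is to build each `<li>`/`<a>` with `createElement` and set `textContent` rather than assembling an HTML string at all.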

Exploit · Fix · LPE · XSS


Weakness Enumeration

Related Identifiers

CVE-2026-34564
GHSA-G4PP-FHGF-8653

Affected Products

Ci4Ms