PT-2026-29630 · Ci4Ms · Ci4Ms

Bugmithlegend · Published 2026-04-01 · Updated 2026-04-02

CVE-2026-34565 · CVSS v3.1 9.1 Critical · Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: CI4MS versions prior to 0.31.0.0
Description: The application does not properly sanitize user-controlled input when posts are added to navigation menus through the Menu Management functionality. Post data selected via the Posts section is stored server-side and later rendered without output encoding, both in administrative dashboards and in public-facing navigation menus; the result is stored DOM-based cross-site scripting (XSS).

An attacker who can create or control a post containing a malicious JavaScript payload can add that post to a menu, and the payload then executes every time the menu is rendered. Because the same menu is rendered in administrative dashboards, this can lead to privilege escalation, full administrator account takeover, and full compromise of the application. The affected endpoint is /backend/menu/; the unsafe rendering occurs when post entries are added to navigation menus in Menu Management.
Recommendations: For versions prior to 0.31.0.0, avoid unsafe DOM manipulation methods such as .html() and innerHTML when rendering post data. Apply HTML entity encoding to all user-controlled data before it is rendered in the browser, and sanitize all user-supplied input before it is processed or output. Enforce security headers and cookie attributes: a Content Security Policy (CSP), the HttpOnly flag on session cookies, the SameSite attribute, and the Secure flag so cookies are only sent over HTTPS.

Tags: Fix · LPE · XSS


Weakness Enumeration

Related Identifiers

CVE-2026-34565
GHSA-XGH5-W62M-8MPR

Affected Products

Ci4Ms