ci4-cms-erp/ci4ms Security Advisories for 0.31.8.0 (3)
- [HIGH] CI4MS: Stored XSS in Pages Module Content via Broken html_purify Validation Rule
  PKSA-cfx9-7tcq-n157 CVE-2026-45270 GHSA-gqr2-7hcg-rchf
  Affected version: <=0.31.8.0
  Reported by: GitHub
- [MEDIUM] CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations
  PKSA-x2rt-sj8n-h21z CVE-2026-45139 GHSA-245j-xjvr-xvm5
  Affected version: <=0.31.8.0
  Reported by: GitHub
- [MEDIUM] CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule
  PKSA-7xbg-9dns-gxm5 CVE-2026-45138 GHSA-2m69-jmvh-6chr
  Affected version: <=0.31.8.0
  Reported by: GitHub