VIR Vulnerability Intelligence Relay

Package impact

php Packagist / ci4-cms-erp/ci4ms

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-41203 critical 9.5 28d ago CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE
CVE-2026-41202 critical 9.5 28d ago CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE
CVE-2026-35035 critical 9.5 2mo ago CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS
CVE-2026-41201 critical 9.1 9.1 28d ago CI4MS: Backup Management Full Account Takeover for All Roles & Privilege Escalation via Stored DOM Blind XSS
CVE-2026-34989 critical 9.0 9.0 2mo ago CI4MS: Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS