Package impact
Packagist / ci4-cms-erp/ci4ms
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45270 | high | — | 8.0 | 16d ago | CI4MS: Stored XSS in Pages Module Content via Broken html_purify Validation Rule | |||
| CVE-2026-41587 | high | — | 8.0 | 1mo ago | CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution |