VIR Vulnerability Intelligence Relay

Package impact

php Packagist / ci4-cms-erp/ci4ms

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-45270 high 8.0 17d ago CI4MS: Stored XSS in Pages Module Content via Broken html_purify Validation Rule
CVE-2026-41587 high 8.0 1mo ago CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution
CVE-2026-45139 medium 5.5 17d ago CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations
CVE-2026-45138 medium 5.5 17d ago CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule
CVE-2026-41891 medium 5.5 1mo ago CI4MS has a Deactivated User Session Bypass (active=0)
CVE-2026-41890 medium 5.5 1mo ago CI4MS Vulnerable to Arbitrary Database Table Drop via Theme deleteProcess