CVE-2026-35035 | ci4-cms-erp ci4ms 0.28.5.0/0.31.0.0 Setting cross site scripting (GHSA-5ghq-42rg-769x)

Inserito da Angelo Barbosa | Apr 6, 2026 | CVE

A vulnerability classified as problematic has been found in ci4-cms-erp ci4ms 0.28.5.0/0.31.0.0. Impacted is an unknown function of the component Setting Handler. The manipulation leads to cross site scripting.

This vulnerability is listed as CVE-2026-35035. The attack may be initiated remotely. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2026-35035 | ci4-cms-erp ci4ms 0.28.5.0/0.31.0.0 Setting cross site scripting (GHSA-5ghq-42rg-769x)

Post correlati

CVE-2024-3090 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Add Ambulance Page /admin/add-ambulance.php Ambulance Reg No/Driver Name cross site scripting

CVE-2024-13066 | Akinsoft LimonDesk up to 1.02.16 ui layer

CVE-2026-26993 | FlintSH Flare 1.7.1 SVG cross site scripting (GHSA-q8fp-w6m5-4gjm)

CVE-2024-21669 | aries-cloudagent Privilege Escalation