CVE-2026-39391 | ci4-cms-erp ci4ms 0.28.5.0/0.31.0.0/0.31.2.0 ajax_blackList_post note cross site scripting (GHSA-7cm9-v848-cfh2)

Inserito da Angelo Barbosa | Apr 8, 2026 | CVE

A vulnerability marked as problematic has been reported in ci4-cms-erp ci4ms 0.28.5.0/0.31.0.0/0.31.2.0. This impacts the function UserController::ajax_blackList_post. The manipulation of the argument note leads to cross site scripting.

This vulnerability is referenced as CVE-2026-39391. Remote exploitation of the attack is possible. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-39391 | ci4-cms-erp ci4ms 0.28.5.0/0.31.0.0/0.31.2.0 ajax_blackList_post note cross site scripting (GHSA-7cm9-v848-cfh2)

Post correlati

CVE-2026-4841 | code-projects Online Food Ordering System 1.0 Shopping Cart form/cart.php del sql injection

CVE-2024-56203 | George Holmes II Wayne Audio Player Plugin up to 1.0 on WordPress cross-site request forgery

CVE-2024-4698 | Testimonial Carousel for Elementor Plugin up to 10.1.1 on WordPress cross site scripting

CVE-2024-4186 | Edwiser Bridge Plugin up to 3.0.5 on WordPress improper authentication