{"vulnerability": "cve-2026-41201", "sightings": [{"uuid": "9eadc5ee-b48b-4078-9e5b-cbeb755a9d4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41201", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlaphzcmwc2n", "content": "CVE-2026-41201 - CI4MS: Backup Management Full Account Takeover for All-Roles &amp; Privilege-Escalation via Stored DOM Blind XSS Version 2\nCVE ID : CVE-2026-41201\n \n Published : May 7, 2026, 4:16 a.m. | 2\u00a0hours, 4\u00a0minutes ago\n \n Description : CI4MS is a CodeIgniter 4-based CMS sk...", "creation_timestamp": "2026-05-07T07:37:58.922971Z"}, {"uuid": "ae70cf94-ff98-49d8-80c7-8e230761f3cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41201", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116532827037914049", "content": "\u26a0\ufe0f CRITICAL XSS in ci4ms 0.31.4.0 (CVE-2026-41201): Stored DOM XSS via backup filename lets attackers fully take over accounts. Upgrade to 0.31.5.0 now! https://radar.offseq.com/threat/cve-2026-41201-cwe-79-improper-neutralization-of-i-fc417f58 #OffSeq #XSS #Vuln #InfoSec", "creation_timestamp": "2026-05-07T10:30:27.429403Z"}, {"uuid": "e3e04efa-3587-46ea-889c-58497f65a017", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41201", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlaz4hpvm32y", "content": "ci4ms 0.31.4.0 hit by CRITICAL XSS (CVSS 9.1) in backup module \u2014 attackers can hijack accounts. Upgrade to 0.31.5.0 now! \nhttps://radar.offseq.com/threat/cve-2026-41201-cwe-79-improper-neutralization-of-i-fc417f58 #OffSeq #XSS #PatchNow", "creation_timestamp": "2026-05-07T10:30:29.469421Z"}, {"uuid": "068f9f49-d5d9-40c3-b70e-81d9d5e14d77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41201", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mmc3hwnkmj2c", "content": "CVE-2026-41201 - Critical Stored DOM XSS in Ci4ms CMS. Full account takeover via malicious SQL file in backup module. CVSS 9.1. Update to v0.31.5.0 now. #CVE #Ci4ms #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-41201/", "creation_timestamp": "2026-05-20T14:10:32.626188Z"}]}