[MEDIUM] CI4MS: Backup Management Full Account Takeover for All Roles & Privilege Escalation via Stored DOM Blind XSS

PKSA-219p-5b8k-2v2r CVE-2026-41201 GHSA-qxpq-82f3-xj47

Affected package: ci4-cms-erp/ci4ms

Affected version: <0.31.5.0

Reported by:
GitHub