[CRITICAL] CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS

PKSA-2zsh-chw8-v8ty CVE-2026-35035 GHSA-5ghq-42rg-769x

Affected package: ci4-cms-erp/ci4ms

Affected version: <=0.31.1.0

Reported by:
GitHub