[MEDIUM] ci4-cms-erp/ci4ms: System Settings (Mail Settings) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

PKSA-3cpq-nyc1-zgst CVE-2026-27599 GHSA-66m2-v9v9-95c3

Affected package: ci4-cms-erp/ci4ms

Affected version: <=0.28.6.0

Reported by:
GitHub