[CRITICAL] CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

PKSA-485k-t9tj-8z9f CVE-2026-34567 GHSA-r33w-c82v-x5v7

Affected package: ci4-cms-erp/ci4ms

Affected version: <=0.28.6.0

Reported by:
GitHub