[CRITICAL] CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

PKSA-9k1p-9kvd-d2db CVE-2026-34560 GHSA-r4v5-rwr2-q7r4

Affected package: ci4-cms-erp/ci4ms

Affected version: <=0.28.6.0

Reported by:
GitHub