[CRITICAL] CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS

PKSA-htcp-qzb1-t2rb CVE-2026-34563 GHSA-85m8-g393-jcxf

Affected package: ci4-cms-erp/ci4ms

Affected version: <=0.28.6.0

Reported by:
GitHub