[CRITICAL] CI4MS: Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

PKSA-m42v-jjr9-d9jw CVE-2026-34989 GHSA-vr2g-rhm5-q4jr

Affected package: ci4-cms-erp/ci4ms

Affected version: <=0.28.6.0

Reported by:
GitHub