[CRITICAL] CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

PKSA-vbz6-f418-8p15 CVE-2026-34568 GHSA-x7wh-g25g-53vg

Affected package: ci4-cms-erp/ci4ms

Affected version: <=0.28.6.0

Reported by:
GitHub