[CRITICAL] CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise

PKSA-vgkt-cmh2-qyjg CVE-2026-34571 GHSA-fc4p-p49v-r948

Affected package: ci4-cms-erp/ci4ms

Affected version: <=0.28.6.0

Reported by:
GitHub