A vulnerability, which was classified as problematic , was found in Ellucian Banner Self-Service up to 9.23 . The affected element is an unknown function of the component dateConverter Endpoint . Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-32856 . It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.