A vulnerability, which was classified as problematic , was found in ci4-cms-erp ci4ms 0.28.5.0 . This affects an unknown part of the component Administrative Interface . Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-34571 . The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.