A vulnerability, which was classified as problematic , has been found in ci4-cms-erp ci4ms 0.28.5.0 . Affected by this issue is some unknown functionality. This manipulation of the argument tag name causes cross site scripting. This vulnerability is tracked as CVE-2026-34559 . The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.