A vulnerability marked as problematic has been reported in ci4-cms-erp ci4ms 0.28.5.0 . This affects an unknown function of the component Categories Section . Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-34567 . The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.