A vulnerability has been found in ci4-cms-erp ci4ms 0.28.5.0 and classified as problematic . Affected by this vulnerability is an unknown functionality of the component Setting Handler . This manipulation causes cross site scripting. This vulnerability is registered as CVE-2026-34561 . Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.