[MEDIUM] CI4MS has stored XSS via Unescaped Blacklist Note in Admin User List

PKSA-v96y-q2b3-cqc5 CVE-2026-39391 GHSA-7cm9-v848-cfh2

Affected package: ci4-cms-erp/ci4ms

Affected version: <=0.31.3.0

Reported by:
GitHub