Ci4-Cms-Erp/Ci4ms (<= 0.31.8.0)

A stored XSS vulnerability (CVE-2026-45270) exists in the Pages module of CI4MS due to improper sanitization of page content, allowing an attacker with `pages.create` permissions to inject malicious code and escalate privileges if an administrator views the page.