Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Opensource-workshop |
|
No data.
No data.
References
History
Tue, 24 Mar 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Opensource-workshop
Opensource-workshop connect-cms |
|
| Vendors & Products |
Opensource-workshop
Opensource-workshop connect-cms |
Tue, 24 Mar 2026 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch. | |
| Title | Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View | |
| Weaknesses | CWE-79 | |
| References |
|
|
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-03-23T21:22:08.425Z
Updated: 2026-03-23T21:22:08.425Z
Reserved: 2026-03-11T15:05:48.400Z
Link: CVE-2026-32277
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-03-23T22:16:27.260
Modified: 2026-03-23T22:16:27.260
Link: CVE-2026-32277
Redhat
No data.