Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.5 views

CVE-2026-32277

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch...

8.7CVSS5.8AI score0.00327EPSS
Exploits0References1
NVD
NVD
added 2026/03/23 10:16 p.m.11 views

CVE-2026-32279

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery SSRF issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and...

6.8CVSS0.00347EPSS
Exploits0References5
OSV
OSV
added 2026/03/23 9:6 p.m.4 views

CVE-2026-32276 Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

8.8CVSS6.2AI score0.00463EPSS
Exploits0References6
OSV
OSV
added 2026/03/23 8:36 p.m.2 views

GHSA-MV3P-7P89-WQ9P Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin

Security Advisory — Form Plugin Stored XSS Summary A Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the file field of the Form Plugin, Stored...

8.2CVSS5.9AI score0.00197EPSS
Exploits0References6
Rows per page
Query Builder