VulnerableCode Package Details - pkg:composer/opensource-workshop/connect-cms@1.35.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-1pxp-npuh-p3bx Aliases: CVE-2026-32278 GHSA-mv3p-7p89-wq9p	Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch.	1.41.1 Affected by 0 other vulnerabilities. 2.41.1 Affected by 0 other vulnerabilities.
VCID-5yh8-ck3y-nffp Aliases: CVE-2026-32300 GHSA-qr6x-wvxr-8hm9	Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch.	1.41.1 Affected by 0 other vulnerabilities. 2.41.1 Affected by 0 other vulnerabilities.
VCID-ax7b-4rpg-g3fw Aliases: CVE-2026-32299 GHSA-62ch-j6x7-722j	Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.	1.41.1 Affected by 0 other vulnerabilities. 2.41.1 Affected by 0 other vulnerabilities.
VCID-rqvq-a22q-5yhy Aliases: CVE-2026-32279 GHSA-jh46-85jr-6ph9	Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and 2.41.1 contain a patch.	1.41.1 Affected by 0 other vulnerabilities. 2.41.1 Affected by 0 other vulnerabilities.
VCID-rrbr-cnuw-vubr Aliases: CVE-2026-32277 GHSA-cmfh-mpmf-fmq4	Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch.	1.41.1 Affected by 0 other vulnerabilities. 2.0.0 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.41.1 Affected by 0 other vulnerabilities.
VCID-u3my-rrph-sbcd Aliases: CVE-2026-32276 GHSA-hxqw-6qv7-cqfv	Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch.	1.41.1 Affected by 0 other vulnerabilities. 2.41.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1pxp-npuh-p3bx
Aliases:
CVE-2026-32278
GHSA-mv3p-7p89-wq9p

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch.