VulnerableCode Package Details - pkg:composer/opensource-workshop/connect-cms@1.41.1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1pxp-npuh-p3bx	Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch.	CVE-2026-32278 GHSA-mv3p-7p89-wq9p
VCID-5yh8-ck3y-nffp	Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch.	CVE-2026-32300 GHSA-qr6x-wvxr-8hm9
VCID-ax7b-4rpg-g3fw	Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.	CVE-2026-32299 GHSA-62ch-j6x7-722j
VCID-rqvq-a22q-5yhy	Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and 2.41.1 contain a patch.	CVE-2026-32279 GHSA-jh46-85jr-6ph9
VCID-rrbr-cnuw-vubr	Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch.	CVE-2026-32277 GHSA-cmfh-mpmf-fmq4
VCID-u3my-rrph-sbcd	Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch.	CVE-2026-32276 GHSA-hxqw-6qv7-cqfv

Vulnerability

Summary

Aliases

VCID-1pxp-npuh-p3bx

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch.

CVE-2026-32278
GHSA-mv3p-7p89-wq9p

VCID-5yh8-ck3y-nffp

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch.

CVE-2026-32300
GHSA-qr6x-wvxr-8hm9

VCID-ax7b-4rpg-g3fw

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.

CVE-2026-32299
GHSA-62ch-j6x7-722j

VCID-rqvq-a22q-5yhy

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and 2.41.1 contain a patch.

CVE-2026-32279
GHSA-jh46-85jr-6ph9

VCID-rrbr-cnuw-vubr

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch.

CVE-2026-32277
GHSA-cmfh-mpmf-fmq4

VCID-u3my-rrph-sbcd

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch.

CVE-2026-32276
GHSA-hxqw-6qv7-cqfv

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T06:28:13.966533+00:00	GHSA Importer	Fixing	VCID-5yh8-ck3y-nffp	https://github.com/advisories/GHSA-qr6x-wvxr-8hm9	38.6.0
2026-06-13T06:28:13.884644+00:00	GHSA Importer	Fixing	VCID-ax7b-4rpg-g3fw	https://github.com/advisories/GHSA-62ch-j6x7-722j	38.6.0
2026-06-13T06:28:13.813672+00:00	GHSA Importer	Fixing	VCID-rqvq-a22q-5yhy	https://github.com/advisories/GHSA-jh46-85jr-6ph9	38.6.0
2026-06-13T06:28:13.738560+00:00	GHSA Importer	Fixing	VCID-1pxp-npuh-p3bx	https://github.com/advisories/GHSA-mv3p-7p89-wq9p	38.6.0
2026-06-13T06:28:13.633423+00:00	GHSA Importer	Fixing	VCID-rrbr-cnuw-vubr	https://github.com/advisories/GHSA-cmfh-mpmf-fmq4	38.6.0
2026-06-13T06:28:13.568434+00:00	GHSA Importer	Fixing	VCID-u3my-rrph-sbcd	https://github.com/advisories/GHSA-hxqw-6qv7-cqfv	38.6.0
2026-06-12T07:49:58.721478+00:00	GithubOSV Importer	Fixing	VCID-rqvq-a22q-5yhy	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-jh46-85jr-6ph9/GHSA-jh46-85jr-6ph9.json	38.6.0
2026-06-12T07:49:43.427528+00:00	GithubOSV Importer	Fixing	VCID-5yh8-ck3y-nffp	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-qr6x-wvxr-8hm9/GHSA-qr6x-wvxr-8hm9.json	38.6.0
2026-06-12T07:49:11.066619+00:00	GithubOSV Importer	Fixing	VCID-1pxp-npuh-p3bx	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-mv3p-7p89-wq9p/GHSA-mv3p-7p89-wq9p.json	38.6.0
2026-06-12T07:49:09.413782+00:00	GithubOSV Importer	Fixing	VCID-rrbr-cnuw-vubr	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-cmfh-mpmf-fmq4/GHSA-cmfh-mpmf-fmq4.json	38.6.0
2026-06-12T07:48:53.117476+00:00	GithubOSV Importer	Fixing	VCID-ax7b-4rpg-g3fw	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-62ch-j6x7-722j/GHSA-62ch-j6x7-722j.json	38.6.0
2026-06-12T07:48:44.452046+00:00	GithubOSV Importer	Fixing	VCID-u3my-rrph-sbcd	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-hxqw-6qv7-cqfv/GHSA-hxqw-6qv7-cqfv.json	38.6.0