Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/opensource-workshop/connect-cms@2.3.2
purl pkg:composer/opensource-workshop/connect-cms@2.3.2
Next non-vulnerable version 2.41.1
Latest non-vulnerable version 2.41.1
Risk 4.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-1pxp-npuh-p3bx
Aliases:
CVE-2026-32278
GHSA-mv3p-7p89-wq9p
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch.
2.41.1
Affected by 0 other vulnerabilities.
VCID-5yh8-ck3y-nffp
Aliases:
CVE-2026-32300
GHSA-qr6x-wvxr-8hm9
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch.
2.41.1
Affected by 0 other vulnerabilities.
VCID-ax7b-4rpg-g3fw
Aliases:
CVE-2026-32299
GHSA-62ch-j6x7-722j
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.
2.41.1
Affected by 0 other vulnerabilities.
VCID-cafq-qnx1-63gg
Aliases:
GHSA-5rjc-jc28-cwgg
Connect-CMS Access control vulnerability ### Impact(影響) There is an Access control vulnerability on the management system of Connect-CMS. Affected Version : Connect-CMS v1.8.6, 2.4.6 and earlier ### Patches(修正バージョン) version v1.8.7, v2.4.7 ### Workarounds(運用回避手段) Upgrade Connect-CMS to latest version
2.4.7
Affected by 5 other vulnerabilities.
VCID-rqvq-a22q-5yhy
Aliases:
CVE-2026-32279
GHSA-jh46-85jr-6ph9
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and 2.41.1 contain a patch.
2.41.1
Affected by 0 other vulnerabilities.
VCID-u3my-rrph-sbcd
Aliases:
CVE-2026-32276
GHSA-hxqw-6qv7-cqfv
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch.
2.41.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-d5my-v441-f7g1 Connect-CMS Privilege Escalation Vulnerability ### Impact(影響) There is a Privilege Escalation Vulnerability on the management system of Connect-CMS. Affercted Version : Connect-CMS 1.7.1, 2.3.1 and earlier ### Patches(修正バージョン) version 1.7.2, 2.3.1 ### Workarounds(運用回避手段) Upgrade Connect-CMS to latest version GHSA-qxh3-jgvh-x55j
GMS-2023-1787

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T06:26:24.387666+00:00 GHSA Importer Fixing VCID-d5my-v441-f7g1 https://github.com/advisories/GHSA-qxh3-jgvh-x55j 38.6.0
2026-06-12T21:35:31.475973+00:00 GitLab Importer Affected by VCID-5yh8-ck3y-nffp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/opensource-workshop/connect-cms/CVE-2026-32300.yml 38.6.0
2026-06-12T21:35:28.934464+00:00 GitLab Importer Affected by VCID-1pxp-npuh-p3bx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/opensource-workshop/connect-cms/CVE-2026-32278.yml 38.6.0
2026-06-12T21:35:26.779545+00:00 GitLab Importer Affected by VCID-rqvq-a22q-5yhy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/opensource-workshop/connect-cms/CVE-2026-32279.yml 38.6.0
2026-06-12T21:35:11.093681+00:00 GitLab Importer Affected by VCID-ax7b-4rpg-g3fw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/opensource-workshop/connect-cms/CVE-2026-32299.yml 38.6.0
2026-06-12T21:35:09.921534+00:00 GitLab Importer Affected by VCID-u3my-rrph-sbcd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/opensource-workshop/connect-cms/CVE-2026-32276.yml 38.6.0
2026-06-12T19:51:49.548238+00:00 GitLab Importer Affected by VCID-cafq-qnx1-63gg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/opensource-workshop/connect-cms/GHSA-5rjc-jc28-cwgg.yml 38.6.0
2026-06-12T15:46:31.106218+00:00 GitLab Importer Fixing VCID-d5my-v441-f7g1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/opensource-workshop/connect-cms/GHSA-qxh3-jgvh-x55j.yml 38.6.0
2026-06-12T07:59:32.755704+00:00 GithubOSV Importer Fixing VCID-d5my-v441-f7g1 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-qxh3-jgvh-x55j/GHSA-qxh3-jgvh-x55j.json 38.6.0