Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/opensource-workshop/connect-cms@2.41.0
purl pkg:composer/opensource-workshop/connect-cms@2.41.0
Next non-vulnerable version 2.41.1
Latest non-vulnerable version 2.41.1
Risk 4.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-1pxp-npuh-p3bx
Aliases:
CVE-2026-32278
GHSA-mv3p-7p89-wq9p
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch.
2.41.1
Affected by 0 other vulnerabilities.
VCID-5yh8-ck3y-nffp
Aliases:
CVE-2026-32300
GHSA-qr6x-wvxr-8hm9
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch.
2.41.1
Affected by 0 other vulnerabilities.
VCID-ax7b-4rpg-g3fw
Aliases:
CVE-2026-32299
GHSA-62ch-j6x7-722j
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.
2.41.1
Affected by 0 other vulnerabilities.
VCID-rqvq-a22q-5yhy
Aliases:
CVE-2026-32279
GHSA-jh46-85jr-6ph9
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and 2.41.1 contain a patch.
2.41.1
Affected by 0 other vulnerabilities.
VCID-rrbr-cnuw-vubr
Aliases:
CVE-2026-32277
GHSA-cmfh-mpmf-fmq4
Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch.
2.41.1
Affected by 0 other vulnerabilities.
VCID-u3my-rrph-sbcd
Aliases:
CVE-2026-32276
GHSA-hxqw-6qv7-cqfv
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch.
2.41.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T06:28:13.919056+00:00 GHSA Importer Affected by VCID-5yh8-ck3y-nffp https://github.com/advisories/GHSA-qr6x-wvxr-8hm9 38.6.0
2026-06-13T06:28:13.775217+00:00 GHSA Importer Affected by VCID-rqvq-a22q-5yhy https://github.com/advisories/GHSA-jh46-85jr-6ph9 38.6.0
2026-06-13T06:28:13.700620+00:00 GHSA Importer Affected by VCID-1pxp-npuh-p3bx https://github.com/advisories/GHSA-mv3p-7p89-wq9p 38.6.0
2026-06-12T21:35:36.816679+00:00 GitLab Importer Affected by VCID-rrbr-cnuw-vubr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/opensource-workshop/connect-cms/CVE-2026-32277.yml 38.6.0
2026-06-12T21:35:31.853964+00:00 GitLab Importer Affected by VCID-5yh8-ck3y-nffp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/opensource-workshop/connect-cms/CVE-2026-32300.yml 38.6.0
2026-06-12T21:35:29.281400+00:00 GitLab Importer Affected by VCID-1pxp-npuh-p3bx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/opensource-workshop/connect-cms/CVE-2026-32278.yml 38.6.0
2026-06-12T21:35:27.151946+00:00 GitLab Importer Affected by VCID-rqvq-a22q-5yhy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/opensource-workshop/connect-cms/CVE-2026-32279.yml 38.6.0
2026-06-12T21:35:11.439665+00:00 GitLab Importer Affected by VCID-ax7b-4rpg-g3fw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/opensource-workshop/connect-cms/CVE-2026-32299.yml 38.6.0
2026-06-12T21:35:10.348328+00:00 GitLab Importer Affected by VCID-u3my-rrph-sbcd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/opensource-workshop/connect-cms/CVE-2026-32276.yml 38.6.0