{"url":"http://public2.vulnerablecode.io/api/packages/377328?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@2.4.7","type":"composer","namespace":"opensource-workshop","name":"connect-cms","version":"2.4.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.41.1","latest_non_vulnerable_version":"2.41.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77247?format=json","vulnerability_id":"VCID-1pxp-npuh-p3bx","summary":"Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32278","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16472","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16483","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16327","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32278"},{"reference_url":"https://github.com/opensource-workshop/connect-cms","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opensource-workshop/connect-cms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32278","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32278"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/commit/9d87fe8ecf7f57efbb0e5231be058807734c96b3","reference_id":"9d87fe8ecf7f57efbb0e5231be058807734c96b3","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/commit/9d87fe8ecf7f57efbb0e5231be058807734c96b3"},{"reference_url":"https://github.com/advisories/GHSA-mv3p-7p89-wq9p","reference_id":"GHSA-mv3p-7p89-wq9p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mv3p-7p89-wq9p"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-mv3p-7p89-wq9p","reference_id":"GHSA-mv3p-7p89-wq9p","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-mv3p-7p89-wq9p"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1","reference_id":"v1.41.1","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1","reference_id":"v2.41.1","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374540?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@2.41.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1"}],"aliases":["CVE-2026-32278","GHSA-mv3p-7p89-wq9p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1pxp-npuh-p3bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77631?format=json","vulnerability_id":"VCID-5yh8-ck3y-nffp","summary":"Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32300","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03916","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03906","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03898","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32300"},{"reference_url":"https://github.com/opensource-workshop/connect-cms","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opensource-workshop/connect-cms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32300","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32300"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/commit/7c9951738c62a1d51b91e9956d1eb756c5d52cce","reference_id":"7c9951738c62a1d51b91e9956d1eb756c5d52cce","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/commit/7c9951738c62a1d51b91e9956d1eb756c5d52cce"},{"reference_url":"https://github.com/advisories/GHSA-qr6x-wvxr-8hm9","reference_id":"GHSA-qr6x-wvxr-8hm9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qr6x-wvxr-8hm9"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qr6x-wvxr-8hm9","reference_id":"GHSA-qr6x-wvxr-8hm9","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qr6x-wvxr-8hm9"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1","reference_id":"v1.41.1","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1","reference_id":"v2.41.1","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374540?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@2.41.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1"}],"aliases":["CVE-2026-32300","GHSA-qr6x-wvxr-8hm9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5yh8-ck3y-nffp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77148?format=json","vulnerability_id":"VCID-ax7b-4rpg-g3fw","summary":"Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32299","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15172","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15176","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15048","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32299"},{"reference_url":"https://github.com/opensource-workshop/connect-cms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opensource-workshop/connect-cms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32299","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32299"},{"reference_url":"https://github.com/advisories/GHSA-62ch-j6x7-722j","reference_id":"GHSA-62ch-j6x7-722j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-62ch-j6x7-722j"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j","reference_id":"GHSA-62ch-j6x7-722j","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:48:32Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1","reference_id":"v1.41.1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:48:32Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1","reference_id":"v2.41.1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:48:32Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374540?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@2.41.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1"}],"aliases":["CVE-2026-32299","GHSA-62ch-j6x7-722j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ax7b-4rpg-g3fw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76930?format=json","vulnerability_id":"VCID-rqvq-a22q-5yhy","summary":"Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and 2.41.1 contain a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32279","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05267","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0526","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05252","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32279"},{"reference_url":"https://github.com/opensource-workshop/connect-cms","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opensource-workshop/connect-cms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32279","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32279"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/commit/4a1a64a8f768a53e06a4239e25782d9e2e88fc63","reference_id":"4a1a64a8f768a53e06a4239e25782d9e2e88fc63","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/commit/4a1a64a8f768a53e06a4239e25782d9e2e88fc63"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/commit/617a874e14b8476da7c0760a06384b9da21bdd4f","reference_id":"617a874e14b8476da7c0760a06384b9da21bdd4f","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/commit/617a874e14b8476da7c0760a06384b9da21bdd4f"},{"reference_url":"https://github.com/advisories/GHSA-jh46-85jr-6ph9","reference_id":"GHSA-jh46-85jr-6ph9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jh46-85jr-6ph9"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-jh46-85jr-6ph9","reference_id":"GHSA-jh46-85jr-6ph9","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-jh46-85jr-6ph9"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1","reference_id":"v1.41.1","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1","reference_id":"v2.41.1","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374540?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@2.41.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1"}],"aliases":["CVE-2026-32279","GHSA-jh46-85jr-6ph9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rqvq-a22q-5yhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77034?format=json","vulnerability_id":"VCID-u3my-rrph-sbcd","summary":"Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32276","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27799","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.28025","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27998","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32276"},{"reference_url":"https://github.com/opensource-workshop/connect-cms","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opensource-workshop/connect-cms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32276","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32276"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85","reference_id":"c0bcd07fc1e9375941aa1295d044328ecd44ed85","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:30:13Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85"},{"reference_url":"https://github.com/advisories/GHSA-hxqw-6qv7-cqfv","reference_id":"GHSA-hxqw-6qv7-cqfv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hxqw-6qv7-cqfv"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv","reference_id":"GHSA-hxqw-6qv7-cqfv","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:30:13Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1","reference_id":"v1.41.1","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:30:13Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1","reference_id":"v2.41.1","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:30:13Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374540?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@2.41.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1"}],"aliases":["CVE-2026-32276","GHSA-hxqw-6qv7-cqfv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u3my-rrph-sbcd"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360597?format=json","vulnerability_id":"VCID-cafq-qnx1-63gg","summary":"Connect-CMS Access control vulnerability\n### Impact（影響）\n\nThere is an Access control vulnerability on the management system of Connect-CMS.\nAffected Version : Connect-CMS v1.8.6, 2.4.6 and earlier\n\n### Patches（修正バージョン）\n\nversion v1.8.7, v2.4.7\n\n### Workarounds（運用回避手段）\n\nUpgrade Connect-CMS to latest version","references":[{"reference_url":"https://github.com/opensource-workshop/connect-cms","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opensource-workshop/connect-cms"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-5rjc-jc28-cwgg","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-5rjc-jc28-cwgg"},{"reference_url":"https://github.com/advisories/GHSA-5rjc-jc28-cwgg","reference_id":"GHSA-5rjc-jc28-cwgg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5rjc-jc28-cwgg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377327?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@1.8.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pxp-npuh-p3bx"},{"vulnerability":"VCID-5yh8-ck3y-nffp"},{"vulnerability":"VCID-ax7b-4rpg-g3fw"},{"vulnerability":"VCID-rqvq-a22q-5yhy"},{"vulnerability":"VCID-u3my-rrph-sbcd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/377328?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@2.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1pxp-npuh-p3bx"},{"vulnerability":"VCID-5yh8-ck3y-nffp"},{"vulnerability":"VCID-ax7b-4rpg-g3fw"},{"vulnerability":"VCID-rqvq-a22q-5yhy"},{"vulnerability":"VCID-u3my-rrph-sbcd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.4.7"}],"aliases":["GHSA-5rjc-jc28-cwgg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cafq-qnx1-63gg"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.4.7"}