Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/393810?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/393810?format=api", "purl": "pkg:composer/opensource-workshop/connect-cms@2.0.0", "type": "composer", "namespace": "opensource-workshop", "name": "connect-cms", "version": "2.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.41.1", "latest_non_vulnerable_version": "2.41.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77247?format=api", "vulnerability_id": "VCID-1pxp-npuh-p3bx", "summary": "Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16472", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16327", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32278" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opensource-workshop/connect-cms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32278", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32278" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/commit/9d87fe8ecf7f57efbb0e5231be058807734c96b3", "reference_id": "9d87fe8ecf7f57efbb0e5231be058807734c96b3", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/commit/9d87fe8ecf7f57efbb0e5231be058807734c96b3" }, { "reference_url": "https://github.com/advisories/GHSA-mv3p-7p89-wq9p", "reference_id": "GHSA-mv3p-7p89-wq9p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mv3p-7p89-wq9p" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-mv3p-7p89-wq9p", "reference_id": "GHSA-mv3p-7p89-wq9p", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-mv3p-7p89-wq9p" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "reference_id": "v1.41.1", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "reference_id": "v2.41.1", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374540?format=api", "purl": "pkg:composer/opensource-workshop/connect-cms@2.41.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1" } ], "aliases": [ "CVE-2026-32278", "GHSA-mv3p-7p89-wq9p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1pxp-npuh-p3bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77631?format=api", "vulnerability_id": "VCID-5yh8-ck3y-nffp", "summary": "Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32300", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03916", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03898", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32300" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opensource-workshop/connect-cms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32300", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32300" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/commit/7c9951738c62a1d51b91e9956d1eb756c5d52cce", "reference_id": "7c9951738c62a1d51b91e9956d1eb756c5d52cce", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/commit/7c9951738c62a1d51b91e9956d1eb756c5d52cce" }, { "reference_url": "https://github.com/advisories/GHSA-qr6x-wvxr-8hm9", "reference_id": "GHSA-qr6x-wvxr-8hm9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qr6x-wvxr-8hm9" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qr6x-wvxr-8hm9", "reference_id": "GHSA-qr6x-wvxr-8hm9", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qr6x-wvxr-8hm9" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "reference_id": "v1.41.1", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "reference_id": "v2.41.1", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374540?format=api", "purl": "pkg:composer/opensource-workshop/connect-cms@2.41.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1" } ], "aliases": [ "CVE-2026-32300", "GHSA-qr6x-wvxr-8hm9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5yh8-ck3y-nffp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77148?format=api", "vulnerability_id": "VCID-ax7b-4rpg-g3fw", "summary": "Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32299", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15048", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15172", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32299" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opensource-workshop/connect-cms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32299", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32299" }, { "reference_url": "https://github.com/advisories/GHSA-62ch-j6x7-722j", "reference_id": "GHSA-62ch-j6x7-722j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-62ch-j6x7-722j" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j", "reference_id": "GHSA-62ch-j6x7-722j", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:48:32Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "reference_id": "v1.41.1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:48:32Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "reference_id": "v2.41.1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:48:32Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374540?format=api", "purl": "pkg:composer/opensource-workshop/connect-cms@2.41.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1" } ], "aliases": [ "CVE-2026-32299", "GHSA-62ch-j6x7-722j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ax7b-4rpg-g3fw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360597?format=api", "vulnerability_id": "VCID-cafq-qnx1-63gg", "summary": "Connect-CMS Access control vulnerability\n### Impact(影響)\n\nThere is an Access control vulnerability on the management system of Connect-CMS.\nAffected Version : Connect-CMS v1.8.6, 2.4.6 and earlier\n\n### Patches(修正バージョン)\n\nversion v1.8.7, v2.4.7\n\n### Workarounds(運用回避手段)\n\nUpgrade Connect-CMS to latest version", "references": [ { "reference_url": "https://github.com/opensource-workshop/connect-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opensource-workshop/connect-cms" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-5rjc-jc28-cwgg", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-5rjc-jc28-cwgg" }, { "reference_url": "https://github.com/advisories/GHSA-5rjc-jc28-cwgg", "reference_id": "GHSA-5rjc-jc28-cwgg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5rjc-jc28-cwgg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377328?format=api", "purl": "pkg:composer/opensource-workshop/connect-cms@2.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pxp-npuh-p3bx" }, { "vulnerability": "VCID-5yh8-ck3y-nffp" }, { "vulnerability": "VCID-ax7b-4rpg-g3fw" }, { "vulnerability": "VCID-rqvq-a22q-5yhy" }, { "vulnerability": "VCID-u3my-rrph-sbcd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.4.7" } ], "aliases": [ "GHSA-5rjc-jc28-cwgg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cafq-qnx1-63gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/361059?format=api", "vulnerability_id": "VCID-d5my-v441-f7g1", "summary": "Connect-CMS Privilege Escalation Vulnerability\n### Impact(影響)\n\nThere is a Privilege Escalation Vulnerability on the management system of Connect-CMS.\nAffercted Version : Connect-CMS 1.7.1, 2.3.1 and earlier\n\n### Patches(修正バージョン)\n\nversion 1.7.2, 2.3.1\n\n### Workarounds(運用回避手段)\n\nUpgrade Connect-CMS to latest version", "references": [ { "reference_url": "https://github.com/opensource-workshop/connect-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opensource-workshop/connect-cms" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qxh3-jgvh-x55j", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qxh3-jgvh-x55j" }, { "reference_url": "https://github.com/advisories/GHSA-qxh3-jgvh-x55j", "reference_id": "GHSA-qxh3-jgvh-x55j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qxh3-jgvh-x55j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381357?format=api", "purl": "pkg:composer/opensource-workshop/connect-cms@2.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pxp-npuh-p3bx" }, { "vulnerability": "VCID-5yh8-ck3y-nffp" }, { "vulnerability": "VCID-ax7b-4rpg-g3fw" }, { "vulnerability": "VCID-cafq-qnx1-63gg" }, { "vulnerability": "VCID-rqvq-a22q-5yhy" }, { "vulnerability": "VCID-u3my-rrph-sbcd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.3.2" } ], "aliases": [ "GHSA-qxh3-jgvh-x55j", "GMS-2023-1787" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d5my-v441-f7g1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76930?format=api", "vulnerability_id": "VCID-rqvq-a22q-5yhy", "summary": "Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and 2.41.1 contain a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32279", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05252", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05267", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32279" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opensource-workshop/connect-cms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32279", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32279" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/commit/4a1a64a8f768a53e06a4239e25782d9e2e88fc63", "reference_id": "4a1a64a8f768a53e06a4239e25782d9e2e88fc63", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/commit/4a1a64a8f768a53e06a4239e25782d9e2e88fc63" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/commit/617a874e14b8476da7c0760a06384b9da21bdd4f", "reference_id": "617a874e14b8476da7c0760a06384b9da21bdd4f", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/commit/617a874e14b8476da7c0760a06384b9da21bdd4f" }, { "reference_url": "https://github.com/advisories/GHSA-jh46-85jr-6ph9", "reference_id": "GHSA-jh46-85jr-6ph9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jh46-85jr-6ph9" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-jh46-85jr-6ph9", "reference_id": "GHSA-jh46-85jr-6ph9", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-jh46-85jr-6ph9" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "reference_id": "v1.41.1", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "reference_id": "v2.41.1", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374540?format=api", "purl": "pkg:composer/opensource-workshop/connect-cms@2.41.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1" } ], "aliases": [ "CVE-2026-32279", "GHSA-jh46-85jr-6ph9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rqvq-a22q-5yhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77034?format=api", "vulnerability_id": "VCID-u3my-rrph-sbcd", "summary": "Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27799", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27998", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32276" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opensource-workshop/connect-cms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32276", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32276" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85", "reference_id": "c0bcd07fc1e9375941aa1295d044328ecd44ed85", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:30:13Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85" }, { "reference_url": "https://github.com/advisories/GHSA-hxqw-6qv7-cqfv", "reference_id": "GHSA-hxqw-6qv7-cqfv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hxqw-6qv7-cqfv" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv", "reference_id": "GHSA-hxqw-6qv7-cqfv", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:30:13Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "reference_id": "v1.41.1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:30:13Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "reference_id": "v2.41.1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:30:13Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374540?format=api", "purl": "pkg:composer/opensource-workshop/connect-cms@2.41.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1" } ], "aliases": [ "CVE-2026-32276", "GHSA-hxqw-6qv7-cqfv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u3my-rrph-sbcd" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76873?format=api", "vulnerability_id": "VCID-rrbr-cnuw-vubr", "summary": "Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0416", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04148", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32277" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opensource-workshop/connect-cms" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32277", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32277" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/commit/c04dc40f814eff891915752ef1ec00ba6612441c", "reference_id": "c04dc40f814eff891915752ef1ec00ba6612441c", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:00:59Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/commit/c04dc40f814eff891915752ef1ec00ba6612441c" }, { "reference_url": "https://github.com/advisories/GHSA-cmfh-mpmf-fmq4", "reference_id": "GHSA-cmfh-mpmf-fmq4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cmfh-mpmf-fmq4" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-cmfh-mpmf-fmq4", "reference_id": "GHSA-cmfh-mpmf-fmq4", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:00:59Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-cmfh-mpmf-fmq4" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "reference_id": "v1.41.1", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:00:59Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1" }, { "reference_url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "reference_id": "v2.41.1", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:00:59Z/" } ], "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374539?format=api", "purl": "pkg:composer/opensource-workshop/connect-cms@1.41.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.41.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/393810?format=api", "purl": "pkg:composer/opensource-workshop/connect-cms@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pxp-npuh-p3bx" }, { "vulnerability": "VCID-5yh8-ck3y-nffp" }, { "vulnerability": "VCID-ax7b-4rpg-g3fw" }, { "vulnerability": "VCID-cafq-qnx1-63gg" }, { "vulnerability": "VCID-d5my-v441-f7g1" }, { "vulnerability": "VCID-rqvq-a22q-5yhy" }, { "vulnerability": "VCID-u3my-rrph-sbcd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/374540?format=api", "purl": "pkg:composer/opensource-workshop/connect-cms@2.41.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1" } ], "aliases": [ "CVE-2026-32277", "GHSA-cmfh-mpmf-fmq4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rrbr-cnuw-vubr" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.0.0" }