Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/opensource-workshop/connect-cms@0.0.1.20201008
Typecomposer
Namespaceopensource-workshop
Nameconnect-cms
Version0.0.1.20201008
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.41.1
Latest_non_vulnerable_version2.41.1
Affected_by_vulnerabilities
0
url VCID-1pxp-npuh-p3bx
vulnerability_id VCID-1pxp-npuh-p3bx
summary Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32278
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.16483
published_at 2026-06-13T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.16456
published_at 2026-06-14T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.16472
published_at 2026-06-12T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.16327
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32278
1
reference_url https://github.com/opensource-workshop/connect-cms
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/opensource-workshop/connect-cms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32278
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32278
3
reference_url https://github.com/opensource-workshop/connect-cms/commit/9d87fe8ecf7f57efbb0e5231be058807734c96b3
reference_id 9d87fe8ecf7f57efbb0e5231be058807734c96b3
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/
url https://github.com/opensource-workshop/connect-cms/commit/9d87fe8ecf7f57efbb0e5231be058807734c96b3
4
reference_url https://github.com/advisories/GHSA-mv3p-7p89-wq9p
reference_id GHSA-mv3p-7p89-wq9p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mv3p-7p89-wq9p
5
reference_url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-mv3p-7p89-wq9p
reference_id GHSA-mv3p-7p89-wq9p
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/
url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-mv3p-7p89-wq9p
6
reference_url https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
reference_id v1.41.1
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/
url https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
7
reference_url https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
reference_id v2.41.1
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/
url https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
fixed_packages
0
url pkg:composer/opensource-workshop/connect-cms@1.41.1
purl pkg:composer/opensource-workshop/connect-cms@1.41.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.41.1
1
url pkg:composer/opensource-workshop/connect-cms@2.41.1
purl pkg:composer/opensource-workshop/connect-cms@2.41.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1
aliases CVE-2026-32278, GHSA-mv3p-7p89-wq9p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1pxp-npuh-p3bx
1
url VCID-3uzy-hepv-tyed
vulnerability_id VCID-3uzy-hepv-tyed
summary 
Connect-CMS information that is restricted to viewing is visible
### Impact
 - Information that is restricted from viewing in the search results of site searches (※) can still be viewed via the main text (a feature added in v1.8.0).
     - Impact by version
         - v1.8.0 ~ v1.8.3: It will be displayed in the text.
         - v1.8.0 and earlier: It will not be displayed in the body of the text, but the title (frame name) will be displayed with a link.
     - Target viewing restriction function
         - Frame publishing function (private, limited publishing)
         - IP Restriction Page
         - Password setting page

### Patches (fixed version)
 - Apply v1.8.4.

### Workarounds
 - Remove the site search (e.g. hide frames).。

### References
none
references
0
reference_url https://github.com/opensource-workshop/connect-cms
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/opensource-workshop/connect-cms
1
reference_url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-2237-5r9w-vm8j
reference_id
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-2237-5r9w-vm8j
2
reference_url https://github.com/advisories/GHSA-2237-5r9w-vm8j
reference_id GHSA-2237-5r9w-vm8j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2237-5r9w-vm8j
fixed_packages
0
url pkg:composer/opensource-workshop/connect-cms@1.8.4
purl pkg:composer/opensource-workshop/connect-cms@1.8.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pxp-npuh-p3bx
1
vulnerability VCID-5yh8-ck3y-nffp
2
vulnerability VCID-ax7b-4rpg-g3fw
3
vulnerability VCID-cafq-qnx1-63gg
4
vulnerability VCID-rqvq-a22q-5yhy
5
vulnerability VCID-u3my-rrph-sbcd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.8.4
aliases GHSA-2237-5r9w-vm8j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3uzy-hepv-tyed
2
url VCID-5yh8-ck3y-nffp
vulnerability_id VCID-5yh8-ck3y-nffp
summary Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information. Versions 1.41.1 and 2.41.1 contain a patch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32300
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03906
published_at 2026-06-13T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.03918
published_at 2026-06-14T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.03916
published_at 2026-06-12T12:55:00Z
3
value 0.00016
scoring_system epss
scoring_elements 0.03898
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32300
1
reference_url https://github.com/opensource-workshop/connect-cms
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/opensource-workshop/connect-cms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32300
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32300
3
reference_url https://github.com/opensource-workshop/connect-cms/commit/7c9951738c62a1d51b91e9956d1eb756c5d52cce
reference_id 7c9951738c62a1d51b91e9956d1eb756c5d52cce
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/
url https://github.com/opensource-workshop/connect-cms/commit/7c9951738c62a1d51b91e9956d1eb756c5d52cce
4
reference_url https://github.com/advisories/GHSA-qr6x-wvxr-8hm9
reference_id GHSA-qr6x-wvxr-8hm9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qr6x-wvxr-8hm9
5
reference_url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qr6x-wvxr-8hm9
reference_id GHSA-qr6x-wvxr-8hm9
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/
url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qr6x-wvxr-8hm9
6
reference_url https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
reference_id v1.41.1
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/
url https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
7
reference_url https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
reference_id v2.41.1
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/
url https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
fixed_packages
0
url pkg:composer/opensource-workshop/connect-cms@1.41.1
purl pkg:composer/opensource-workshop/connect-cms@1.41.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.41.1
1
url pkg:composer/opensource-workshop/connect-cms@2.41.1
purl pkg:composer/opensource-workshop/connect-cms@2.41.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1
aliases CVE-2026-32300, GHSA-qr6x-wvxr-8hm9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5yh8-ck3y-nffp
3
url VCID-ax7b-4rpg-g3fw
vulnerability_id VCID-ax7b-4rpg-g3fw
summary Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the page content retrieval feature may allow retrieval of non-public information. Versions 1.41.1 and 2.41.1 contain a patch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32299
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.15176
published_at 2026-06-13T12:55:00Z
1
value 0.00047
scoring_system epss
scoring_elements 0.15142
published_at 2026-06-14T12:55:00Z
2
value 0.00047
scoring_system epss
scoring_elements 0.15172
published_at 2026-06-12T12:55:00Z
3
value 0.00047
scoring_system epss
scoring_elements 0.15048
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32299
1
reference_url https://github.com/opensource-workshop/connect-cms
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/opensource-workshop/connect-cms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32299
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32299
3
reference_url https://github.com/advisories/GHSA-62ch-j6x7-722j
reference_id GHSA-62ch-j6x7-722j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-62ch-j6x7-722j
4
reference_url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j
reference_id GHSA-62ch-j6x7-722j
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:48:32Z/
url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j
5
reference_url https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
reference_id v1.41.1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:48:32Z/
url https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
6
reference_url https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
reference_id v2.41.1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:48:32Z/
url https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
fixed_packages
0
url pkg:composer/opensource-workshop/connect-cms@1.41.1
purl pkg:composer/opensource-workshop/connect-cms@1.41.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.41.1
1
url pkg:composer/opensource-workshop/connect-cms@2.41.1
purl pkg:composer/opensource-workshop/connect-cms@2.41.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1
aliases CVE-2026-32299, GHSA-62ch-j6x7-722j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ax7b-4rpg-g3fw
4
url VCID-cafq-qnx1-63gg
vulnerability_id VCID-cafq-qnx1-63gg
summary 
Connect-CMS Access control vulnerability
### Impact(影響)

There is an Access control vulnerability on the management system of Connect-CMS.
Affected Version : Connect-CMS v1.8.6, 2.4.6 and earlier

### Patches(修正バージョン)

version v1.8.7, v2.4.7

### Workarounds(運用回避手段)

Upgrade Connect-CMS to latest version
references
0
reference_url https://github.com/opensource-workshop/connect-cms
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opensource-workshop/connect-cms
1
reference_url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-5rjc-jc28-cwgg
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-5rjc-jc28-cwgg
2
reference_url https://github.com/advisories/GHSA-5rjc-jc28-cwgg
reference_id GHSA-5rjc-jc28-cwgg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5rjc-jc28-cwgg
fixed_packages
0
url pkg:composer/opensource-workshop/connect-cms@1.8.7
purl pkg:composer/opensource-workshop/connect-cms@1.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pxp-npuh-p3bx
1
vulnerability VCID-5yh8-ck3y-nffp
2
vulnerability VCID-ax7b-4rpg-g3fw
3
vulnerability VCID-rqvq-a22q-5yhy
4
vulnerability VCID-u3my-rrph-sbcd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.8.7
1
url pkg:composer/opensource-workshop/connect-cms@2.4.7
purl pkg:composer/opensource-workshop/connect-cms@2.4.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pxp-npuh-p3bx
1
vulnerability VCID-5yh8-ck3y-nffp
2
vulnerability VCID-ax7b-4rpg-g3fw
3
vulnerability VCID-rqvq-a22q-5yhy
4
vulnerability VCID-u3my-rrph-sbcd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.4.7
aliases GHSA-5rjc-jc28-cwgg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cafq-qnx1-63gg
5
url VCID-d5my-v441-f7g1
vulnerability_id VCID-d5my-v441-f7g1
summary 
Connect-CMS Privilege Escalation Vulnerability
### Impact(影響)

There is a Privilege Escalation Vulnerability on the management system of Connect-CMS.
Affercted Version : Connect-CMS 1.7.1, 2.3.1 and earlier

### Patches(修正バージョン)

version 1.7.2, 2.3.1

### Workarounds(運用回避手段)

Upgrade Connect-CMS to latest version
references
0
reference_url https://github.com/opensource-workshop/connect-cms
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opensource-workshop/connect-cms
1
reference_url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qxh3-jgvh-x55j
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qxh3-jgvh-x55j
2
reference_url https://github.com/advisories/GHSA-qxh3-jgvh-x55j
reference_id GHSA-qxh3-jgvh-x55j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qxh3-jgvh-x55j
fixed_packages
0
url pkg:composer/opensource-workshop/connect-cms@1.7.2
purl pkg:composer/opensource-workshop/connect-cms@1.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pxp-npuh-p3bx
1
vulnerability VCID-3uzy-hepv-tyed
2
vulnerability VCID-5yh8-ck3y-nffp
3
vulnerability VCID-ax7b-4rpg-g3fw
4
vulnerability VCID-cafq-qnx1-63gg
5
vulnerability VCID-rqvq-a22q-5yhy
6
vulnerability VCID-u3my-rrph-sbcd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.7.2
1
url pkg:composer/opensource-workshop/connect-cms@2.3.2
purl pkg:composer/opensource-workshop/connect-cms@2.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1pxp-npuh-p3bx
1
vulnerability VCID-5yh8-ck3y-nffp
2
vulnerability VCID-ax7b-4rpg-g3fw
3
vulnerability VCID-cafq-qnx1-63gg
4
vulnerability VCID-rqvq-a22q-5yhy
5
vulnerability VCID-u3my-rrph-sbcd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.3.2
aliases GHSA-qxh3-jgvh-x55j, GMS-2023-1787
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5my-v441-f7g1
6
url VCID-rqvq-a22q-5yhy
vulnerability_id VCID-rqvq-a22q-5yhy
summary Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin. Versions 1.41.1 and 2.41.1 contain a patch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32279
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05252
published_at 2026-06-11T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05251
published_at 2026-06-14T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05267
published_at 2026-06-12T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.0526
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32279
1
reference_url https://github.com/opensource-workshop/connect-cms
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opensource-workshop/connect-cms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32279
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32279
3
reference_url https://github.com/opensource-workshop/connect-cms/commit/4a1a64a8f768a53e06a4239e25782d9e2e88fc63
reference_id 4a1a64a8f768a53e06a4239e25782d9e2e88fc63
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/
url https://github.com/opensource-workshop/connect-cms/commit/4a1a64a8f768a53e06a4239e25782d9e2e88fc63
4
reference_url https://github.com/opensource-workshop/connect-cms/commit/617a874e14b8476da7c0760a06384b9da21bdd4f
reference_id 617a874e14b8476da7c0760a06384b9da21bdd4f
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/
url https://github.com/opensource-workshop/connect-cms/commit/617a874e14b8476da7c0760a06384b9da21bdd4f
5
reference_url https://github.com/advisories/GHSA-jh46-85jr-6ph9
reference_id GHSA-jh46-85jr-6ph9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jh46-85jr-6ph9
6
reference_url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-jh46-85jr-6ph9
reference_id GHSA-jh46-85jr-6ph9
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/
url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-jh46-85jr-6ph9
7
reference_url https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
reference_id v1.41.1
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/
url https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
8
reference_url https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
reference_id v2.41.1
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/
url https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
fixed_packages
0
url pkg:composer/opensource-workshop/connect-cms@1.41.1
purl pkg:composer/opensource-workshop/connect-cms@1.41.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.41.1
1
url pkg:composer/opensource-workshop/connect-cms@2.41.1
purl pkg:composer/opensource-workshop/connect-cms@2.41.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1
aliases CVE-2026-32279, GHSA-jh46-85jr-6ph9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqvq-a22q-5yhy
7
url VCID-u3my-rrph-sbcd
vulnerability_id VCID-u3my-rrph-sbcd
summary Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32276
reference_id
reference_type
scores
0
value 0.00103
scoring_system epss
scoring_elements 0.27799
published_at 2026-06-11T12:55:00Z
1
value 0.00103
scoring_system epss
scoring_elements 0.28016
published_at 2026-06-14T12:55:00Z
2
value 0.00103
scoring_system epss
scoring_elements 0.27998
published_at 2026-06-12T12:55:00Z
3
value 0.00103
scoring_system epss
scoring_elements 0.28025
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32276
1
reference_url https://github.com/opensource-workshop/connect-cms
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/opensource-workshop/connect-cms
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32276
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32276
3
reference_url https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85
reference_id c0bcd07fc1e9375941aa1295d044328ecd44ed85
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:30:13Z/
url https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85
4
reference_url https://github.com/advisories/GHSA-hxqw-6qv7-cqfv
reference_id GHSA-hxqw-6qv7-cqfv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hxqw-6qv7-cqfv
5
reference_url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv
reference_id GHSA-hxqw-6qv7-cqfv
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:30:13Z/
url https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv
6
reference_url https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
reference_id v1.41.1
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:30:13Z/
url https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
7
reference_url https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
reference_id v2.41.1
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:30:13Z/
url https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
fixed_packages
0
url pkg:composer/opensource-workshop/connect-cms@1.41.1
purl pkg:composer/opensource-workshop/connect-cms@1.41.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.41.1
1
url pkg:composer/opensource-workshop/connect-cms@2.41.1
purl pkg:composer/opensource-workshop/connect-cms@2.41.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1
aliases CVE-2026-32276, GHSA-hxqw-6qv7-cqfv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u3my-rrph-sbcd
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@0.0.1.20201008