{"url":"http://public2.vulnerablecode.io/api/packages/992149?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@1.23.1","type":"composer","namespace":"opensource-workshop","name":"connect-cms","version":"1.23.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.41.1","latest_non_vulnerable_version":"2.41.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90904?format=json","vulnerability_id":"VCID-1b73-scr2-jucp","summary":"Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature\n# Security Advisory — Page Content Retrieval (Improper Authorization)\n\n## Summary\n\nAn improper authorization issue in the page content retrieval feature may allow retrieval of non-public information.\n\n## Affected Versions\n\n- 1.x series: <= 1.41.0\n- 2.x series: <= 2.41.0\n\n## Patched Versions\n\n- 1.41.1\n- 2.41.1\n\n## Description\n\nIn part of the page content retrieval feature, insufficient authorization checks could allow processing associated with non-public pages to be executed. If exploited, the contents and attachments of non-public pages may be obtained by a third party. 
Users affected by this vulnerability should update to a fixed version.\n\n## Solution\n\nUpdate to the fixed version.\nFor the 1.x series, update to 1.41.1 or later.\nFor the 2.x series, update to 2.41.1 or later.\n\n## Credits\n\nOpenSource WorkShop thanks **Sho Odagiri** (小田切 祥) of **GMO Cybersecurity by Ierae, Inc.** for reporting this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32299","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14932","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15014","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15054","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15063","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32299"},{"reference_url":"https://github.com/opensource-workshop/connect-cms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opensource-workshop/connect-cms"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:48:32Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1","reference_id":"","re
ference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:48:32Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:48:32Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32299","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32299"},{"reference_url":"https://github.com/advisories/GHSA-62ch-j6x7-722j","reference_id":"GHSA-62ch-j6x7-722j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-62ch-j6x7-722j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112664?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@1.41.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.41.1"},{"url":"ht
tp://public2.vulnerablecode.io/api/packages/112665?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@2.41.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1"}],"aliases":["CVE-2026-32299","GHSA-62ch-j6x7-722j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1b73-scr2-jucp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91535?format=json","vulnerability_id":"VCID-3mj1-nbj8-c3gn","summary":"Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin\n# Security Advisory — Page Management Plugin (SSRF)\n\n## Summary\n\nA Server-Side Request Forgery (SSRF) issue exists in the external page migration feature of the Page Management Plugin.\n\n## Affected Versions\n\n- 1.x series: <= 1.41.0\n- 2.x series: <= 2.41.0\n\n## Patched Versions\n\n- 1.41.1\n- 2.41.1\n\n## Description\n\nIn the external page migration feature of the Page Management Plugin, a Server-Side Request Forgery (SSRF) issue could occur. If exploited, it may allow access to internal destinations and could result in information disclosure. Exploitation requires privileges that allow use of the page management screen. 
Users affected by this vulnerability should update to a fixed version.\n\n## Solution\n\nUpdate to the fixed version.\nFor the 1.x series, update to 1.41.1 or later.\nFor the 2.x series, update to 2.41.1 or later.\n\n## Credits\n\nOpenSource WorkShop thanks **Sho Odagiri** (小田切 祥) of **GMO Cybersecurity by Ierae, Inc.** for reporting this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32279","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0522","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05158","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05198","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05206","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32279"},{"reference_url":"https://github.com/opensource-workshop/connect-cms","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opensource-workshop/connect-cms"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/commit/4a1a64a8f768a53e06a4239e25782d9e2e88fc63","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/commit/4a1a64a8f768a53e06a4239e25782d9e2e88fc63"},{"reference_url":"https://github.com/opensource-wor
kshop/connect-cms/commit/617a874e14b8476da7c0760a06384b9da21bdd4f","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/commit/617a874e14b8476da7c0760a06384b9da21bdd4f"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-jh46-85jr-6ph9","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elem
ents":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:39:02Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-jh46-85jr-6ph9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32279","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32279"},{"reference_url":"https://github.com/advisories/GHSA-jh46-85jr-6ph9","reference_id":"GHSA-jh46-85jr-6ph9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jh46-85jr-6ph9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112664?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@1.41.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.41.1"},{"url":"http://public2.vulnerablecode.io/api/packages/112665?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@2.41.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1"}],"aliases":["CVE-2026-32279","GHSA-jh46-85jr-6ph9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3mj1-nbj8-c3gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91077?format=json","vulnerability_id":"VCID-7a8g-3pmq-kkej","summary":"Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin\n# Security Advisory — Form Plugin (Stored XSS)\n\n## Summary\n\nA Stored Cross-site 
Scripting (XSS) issue exists in the file field of the Form Plugin.\n\n## Affected Versions\n\n- 1.x series: <= 1.41.0\n- 2.x series: <= 2.41.0\n\n## Patched Versions\n\n- 1.41.1\n- 2.41.1\n\n## Description\n\nIn the file field of the Form Plugin, Stored Cross-site Scripting (XSS) could occur. If exploited, arbitrary script could run in an administrator's browser, which may lead to unauthorized actions or information theft. Users affected by this vulnerability should update to a fixed version.\n\n## Solution\n\nUpdate to the fixed version.\nFor the 1.x series, update to 1.41.1 or later.\nFor the 2.x series, update to 2.41.1 or later.\n\n## Credits\n\nOpenSource WorkShop thanks **Sho Odagiri** (小田切 祥) of **GMO Cybersecurity by Ierae, Inc.** for reporting this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32278","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16226","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16307","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16349","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16351","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32278"},{"reference_url":"https://github.com/opensource-workshop/connect-cms","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opensource-workshop/connect-cms"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/commit/9d87fe8ecf7f57efbb0e5231be058807734c96b3","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","
scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/commit/9d87fe8ecf7f57efbb0e5231be058807734c96b3"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-mv3p-7p89-wq9p","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T18:41:34Z/"}],"url":"https://github.com/opensource-workshop/co
nnect-cms/security/advisories/GHSA-mv3p-7p89-wq9p"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32278","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32278"},{"reference_url":"https://github.com/advisories/GHSA-mv3p-7p89-wq9p","reference_id":"GHSA-mv3p-7p89-wq9p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mv3p-7p89-wq9p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112664?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@1.41.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.41.1"},{"url":"http://public2.vulnerablecode.io/api/packages/112665?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@2.41.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1"}],"aliases":["CVE-2026-32278","GHSA-mv3p-7p89-wq9p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7a8g-3pmq-kkej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90822?format=json","vulnerability_id":"VCID-mj73-wmdy-fben","summary":"Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin\n# Security Advisory — Code Study Plugin\n\n## Summary\n\nAn authenticated user may be able to execute arbitrary code in the Code Study Plugin.\n\n## Affected Versions\n\n- 1.x series: <= 1.41.0\n- 2.x series: <= 2.41.0\n\n## Patched Versions\n\n- 1.41.1\n- 2.41.1\n\n## 
Description\n\nIn the Code Study Plugin, an authenticated user could trigger unintended code execution. If exploited, it may lead to code execution on the server or information disclosure. Users affected by this vulnerability should update to a fixed version.\n\n## Solution\n\nUpdate to the fixed version.\nFor the 1.x series, update to 1.41.1 or later.\nFor the 2.x series, update to 2.41.1 or later.\n\n## Credits\n\nOpenSource WorkShop thanks **Sho Odagiri** (小田切 祥) of **GMO Cybersecurity by Ierae, Inc.** for reporting this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32276","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27853","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27765","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27815","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27904","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32276"},{"reference_url":"https://github.com/opensource-workshop/connect-cms","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opensource-workshop/connect-cms"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/20
26-03-24T14:30:13Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/commit/c0bcd07fc1e9375941aa1295d044328ecd44ed85"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:30:13Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:30:13Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:30:13Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-hxqw-6qv7-cqfv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32276","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1
/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32276"},{"reference_url":"https://github.com/advisories/GHSA-hxqw-6qv7-cqfv","reference_id":"GHSA-hxqw-6qv7-cqfv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hxqw-6qv7-cqfv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112664?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@1.41.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.41.1"},{"url":"http://public2.vulnerablecode.io/api/packages/112665?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@2.41.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1"}],"aliases":["CVE-2026-32276","GHSA-hxqw-6qv7-cqfv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mj73-wmdy-fben"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91402?format=json","vulnerability_id":"VCID-qm2m-cwm1-s3fk","summary":"Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information\n# Security Advisory — My Page Profile Update (Improper Authorization)\n\n## Summary\n\nAn improper authorization issue in the My Page profile update feature may allow modification of arbitrary user information.\n\n## Affected Versions\n\n- 1.x series: <= 1.41.0\n- 2.x series: <= 2.41.0\n\n## Patched Versions\n\n- 1.41.1\n- 2.41.1\n\n## Description\n\nIn part of the My Page profile update feature, another user's profile information or password could be modified. 
If exploited, arbitrary user accounts may be taken over. Exploitation requires that the attacker be able to reach the affected functionality as an authenticated user. Users affected by this vulnerability should update to a fixed version.\n\n## Solution\n\nUpdate to the fixed version.\nFor the 1.x series, update to 1.41.1 or later.\nFor the 2.x series, update to 2.41.1 or later.\n\n## Credits\n\nOpenSource WorkShop thanks **Sho Odagiri** (小田切 祥) of **GMO Cybersecurity by Ierae, Inc.** for reporting this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32300","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03853","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03876","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03887","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0389","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32300"},{"reference_url":"https://github.com/opensource-workshop/connect-cms","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/opensource-workshop/connect-cms"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/commit/7c9951738c62a1d51b91e9956d1eb756c5d52cce","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/"}]
,"url":"https://github.com/opensource-workshop/connect-cms/commit/7c9951738c62a1d51b91e9956d1eb756c5d52cce"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"},{"reference_url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qr6x-wvxr-8hm9","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-25T19:17:22Z/"}],"url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qr6x-wvxr-8hm9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32300","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S
:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32300"},{"reference_url":"https://github.com/advisories/GHSA-qr6x-wvxr-8hm9","reference_id":"GHSA-qr6x-wvxr-8hm9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qr6x-wvxr-8hm9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112664?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@1.41.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.41.1"},{"url":"http://public2.vulnerablecode.io/api/packages/112665?format=json","purl":"pkg:composer/opensource-workshop/connect-cms@2.41.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@2.41.1"}],"aliases":["CVE-2026-32300","GHSA-qr6x-wvxr-8hm9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qm2m-cwm1-s3fk"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/opensource-workshop/connect-cms@1.23.1"}