CVE-2026-32278
EUVD-2026-1457023.03.2026, 22:16
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| opensource-workshop | connect-cms | 1.0.0 ≤ 𝑥 < 1.41.1 |
| opensource-workshop | connect-cms | 2.0.0 ≤ 𝑥 < 2.41.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-434 - Unrestricted Upload of File with Dangerous TypeThe software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
References