CVE-2026-32277

Published: Mar 23, 2026 Last Modified: Mar 23, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,7
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: required
Scope: changed
Confidentiality: high
Integrity: high
Availability: none

Description

AI Translation Available

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch.

79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Confidentiality Integrity Availability
Potential Impacts:
Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: AI/ML, Web Based, Web Server
Likelihood of Exploit: High
View CWE Details
https://github.com/opensource-workshop/connect-cms/commit/c…
https://github.com/opensource-workshop/connect-cms/commit/c04dc40f814eff8919157…
https://github.com/opensource-workshop/connect-cms/releases…
https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
https://github.com/opensource-workshop/connect-cms/releases…
https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
https://github.com/opensource-workshop/connect-cms/security…
https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-cmf…