CVE-2026-32278

Published: Mar 23, 2026 Last Modified: Mar 23, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,2

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: required

Scope: changed

Confidentiality: high

Integrity: high

Availability: low

Description

AI Translation Available

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch.

434

Unrestricted Upload of File with Dangerous Type

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: ASP.NET, Not Language-Specific, PHP

Technologies: Web Server

Likelihood of Exploit: Medium

View CWE Details

https://github.com/opensource-workshop/connect-cms/commit/9…

https://github.com/opensource-workshop/connect-cms/commit/9d87fe8ecf7f57efbb0e5…

https://github.com/opensource-workshop/connect-cms/releases…

https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1

https://github.com/opensource-workshop/connect-cms/releases…

https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1

https://github.com/opensource-workshop/connect-cms/security…

https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-mv3…