VYPR
High severityNVD Advisory· Published Mar 23, 2026· Updated Mar 24, 2026

Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View

CVE-2026-32277

Description

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
opensource-workshop/connect-cmsPackagist
>= 1.35.0, < 1.41.11.41.1
opensource-workshop/connect-cmsPackagist
>= 2.35.0, < 2.41.12.41.1

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.