VYPR
High severityNVD Advisory· Published Mar 23, 2026· Updated Mar 24, 2026

Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin

CVE-2026-32278

Description

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
opensource-workshop/connect-cmsPackagist
< 1.41.11.41.1
opensource-workshop/connect-cmsPackagist
>= 2.0.0, < 2.41.12.41.1

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.