CVE-2026-32277

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-32277
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32277.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-32277
Aliases
Published
2026-03-23T21:22:08.425Z
Modified
2026-04-02T13:26:33.352001Z
Severity
  • 8.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N CVSS Calculator
Summary
Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View
Details

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch.

Database specific 
{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32277.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/opensource-workshop/connect-cms

Affected ranges

Type
GIT
Repo
https://github.com/opensource-workshop/connect-cms
Events
Introduced
e2dd85be3fae3388b6ef2d8efd42401b445b2cbf
Fixed
04ffb2bfe4a4421f19bad8c9b8c75e2a6d931681
Database specific 
{
    "versions": [
        {
            "introduced": "1.35.0"
        },
        {
            "fixed": "1.41.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/opensource-workshop/connect-cms
Events
Introduced
dc68a86710b0524bf5661e3aeac8585b832944f3
Fixed
c2519d7983e850bb45dd60cea99db0fe97ed6edd
Database specific 
{
    "versions": [
        {
            "introduced": "2.35.0"
        },
        {
            "fixed": "2.41.1"
        }
    ]
}

Affected versions

v1.*
v1.35.0
v1.36.0
v1.37.0
v1.38.0
v1.38.1
v1.39.0
v1.40.0
v1.41.0
v2.*
v2.35.0
v2.36.0
v2.37.0
v2.38.0
v2.38.1
v2.39.0
v2.40.0
v2.41.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32277.json"