PT-2026-27230 · Unknown+1 · Connect-Cms+1

Odgrso

Publicado

2026-03-23

Atualizado

2026-03-23

CVE-2026-32278

CVSS v3.1

8.2

Alta

Vetor

AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions Connect-CMS versions 1.x through 1.41.0 Connect-CMS versions 2.x through 2.41.0

Description A Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. If exploited, arbitrary script could run in an administrator's browser, potentially leading to unauthorized actions or information theft.

Recommendations Update to Connect-CMS version 1.41.1 or later. Update to Connect-CMS version 2.41.1 or later.

Exploit

Correção

XSS

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79CWE-434

Identificadores relacionados

CVE-2026-32278

GHSA-MV3P-7P89-WQ9P

Produtos afetados

Connect-Cms

Form Plugin

PT-2026-27230 · Unknown+1 · Connect-Cms+1

CVE-2026-32278

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10