PT-2026-27230 · Unknown+1 · Connect-Cms+1
Odgrso
·
Published
2026-03-23
·
Updated
2026-03-23
·
CVE-2026-32278
CVSS v3.1
8.2
High
| Vector | AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Connect-CMS versions 1.x through 1.41.0
Connect-CMS versions 2.x through 2.41.0
Description
A Stored Cross-site Scripting (XSS) issue exists in the file field of the Form Plugin. If exploited, arbitrary script could run in an administrator's browser, potentially leading to unauthorized actions or information theft.
Recommendations
Update to Connect-CMS version 1.41.1 or later.
Update to Connect-CMS version 2.41.1 or later.
Exploit
Fix
XSS
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Connect-Cms
Form Plugin