{"id":"CVE-2026-32277","summary":"Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View","details":"Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch.","aliases":["GHSA-cmfh-mpmf-fmq4"],"modified":"2026-04-02T13:26:33.352001Z","published":"2026-03-23T21:22:08.425Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32277.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-79"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32277.json"},{"type":"FIX","url":"https://github.com/opensource-workshop/connect-cms/commit/c04dc40f814eff891915752ef1ec00ba6612441c"},{"type":"WEB","url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"},{"type":"WEB","url":"https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"},{"type":"ADVISORY","url":"https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-cmfh-mpmf-fmq4"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32277"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opensource-workshop/connect-cms","events":[{"introduced":"e2dd85be3fae3388b6ef2d8efd42401b445b2cbf"},{"fixed":"04ffb2bfe4a4421f19bad8c9b8c75e2a6d931681"}],"database_specific":{"versions":[{"introduced":"1.35.0"},{"fixed":"1.41.1"}]}},{"type":"GIT","repo":"https://github.com/opensource-workshop/connect-cms","events":[{"introduced":"dc68a86710b0524bf5661e3aeac8585b832944f3"},{"fixed":"c2519d7983e850bb45dd60cea99db0fe97ed6edd"}],"database_specific":{"versions":[{"introduced":"2.35.0"},{"fixed":"2.41.1"}]}}],"versions":["v1.35.0","v1.36.0","v1.37.0","v1.38.0","v1.38.1","v1.39.0","v1.40.0","v1.41.0","v2.35.0","v2.36.0","v2.37.0","v2.38.0","v2.38.1","v2.39.0","v2.40.0","v2.41.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32277.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"}]}