Product
Connect-CMS Code Study Plugin Arbitrary Code Execution
2 rules 1 TTPAn authenticated user of the Connect-CMS Code Study Plugin can execute arbitrary code due to a vulnerability (CVE-2026-32276) in versions 1.x before 1.41.1 and 2.x before 2.41.1, potentially leading to code execution on the server or information disclosure.
Connect CMS Form Plugin Stored XSS Vulnerability
2 rulesA stored cross-site scripting (XSS) vulnerability exists in the file field of the Form Plugin in Connect CMS versions 1.x series <= 1.41.0 and 2.x series <= 2.41.0, allowing arbitrary script execution in an administrator's browser, potentially leading to unauthorized actions or information theft.
Connect CMS Improper Authorization Vulnerability
2 rules 1 TTPAn improper authorization vulnerability in Connect CMS allows authenticated users to modify arbitrary user profile information, potentially leading to account takeover and unauthorized data modification on affected versions 1.x <= 1.41.0 and 2.x <= 2.41.0.