Product
A stored cross-site scripting (XSS) vulnerability exists in the file field of the Form Plugin in Connect CMS versions 1.x series <= 1.41.0 and 2.x series <= 2.41.0, allowing arbitrary script execution in an administrator's browser, potentially leading to unauthorized actions or information theft.