Tag
high
advisory
Connect-CMS Improper Authorization Vulnerability (CVE-2026-32299)
2 rules 1 TTP 1 IOC
Connect-CMS versions 1.x up to 1.41.0 and 2.x up to 2.41.0 are vulnerable to improper authorization in the page content retrieval feature, potentially allowing retrieval of non-public information. The issue is addressed in versions 1.41.1 and 2.41.1.
cve-2026-32299
connect-cms
authorization-bypass
high
advisory
Connect-CMS Cabinet Plugin DOM-based XSS Vulnerability
2 rules 1 TTP
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the Cabinet Plugin list view of Connect-CMS, affecting versions 1.35.0 to 1.41.0 and 2.35.0 to 2.41.0. It can lead to arbitrary script execution in the victim's browser.
xss
connect-cms
cabinet-plugin