Security Advisories - PKSA-16v9-y28z-87sk - Packagist.org

PKSA-16v9-y28z-87sk Security Advisory

[HIGH] Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View

PKSA-16v9-y28z-87sk CVE-2026-32277 GHSA-cmfh-mpmf-fmq4

Affected package: opensource-workshop/connect-cms

Affected version: >=2.35.0,<2.41.1|>=1.35.0,<1.41.1

Reported by:
GitHub