Connect-CMS Cabinet Plugin DOM-Based Cross-Site Scripting Vulnerability

A DOM-based Cross-Site Scripting (XSS) vulnerability has been identified in the Cabinet Plugin list view of Connect-CMS. This issue affects versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0. The vulnerability arises from how saved names are displayed, potentially allowing an attacker to execute arbitrary scripts in the context of the victim's browser. This could lead to unauthorized actions or information theft. Exploitation requires authenticated user access to the affected functionality.

Impact

Exploitation of this vulnerability allows for DOM-based Cross-Site Scripting, where an attacker can execute scripts in the context of the user's browser.

Remediation

Users should update to version 1.41.1 or later for the 1.x series, and to version 2.41.1 or later for the 2.x series.