Browse all 6 CVE security advisories affecting opensource-workshop. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Opensource-workshop develops security-focused training platforms with hands-on vulnerability exercises. Historically, its applications have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. The platform has accumulated six CVEs to date, with notable issues including authenticated RCE flaws in virtual machine environments and XSS vulnerabilities in user-generated content modules. While no major public security incidents have been documented, the consistent pattern of input validation issues suggests ongoing security challenges in its sandboxed learning environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32300 | Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information — connect-cmsCWE-285 | 8.1 | High | 2026-03-23 |
| CVE-2026-32299 | Connect CMS: Information Disclosure Due to Improper Authorization through the Page Content Retrieval Feature — connect-cmsCWE-284 | 7.5 | High | 2026-03-23 |
| CVE-2026-32279 | Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin — connect-cmsCWE-918 | 6.8 | Medium | 2026-03-23 |
| CVE-2026-32278 | Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin — connect-cmsCWE-434 | 8.2 | High | 2026-03-23 |
| CVE-2026-32277 | Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View — connect-cmsCWE-79 | 8.7 | High | 2026-03-23 |
| CVE-2026-32276 | Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin — connect-cmsCWE-94 | 8.8 | High | 2026-03-23 |
This page lists every published CVE security advisory associated with opensource-workshop. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.