Vulnerabilities for 'Backdrop'

2022-02-15
 
CVE-2022-24590

CWE-79
 

 
A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML.

 
2022-02-03
 
CVE-2021-45268

CWE-352
 

 
** DISPUTED ** A Cross-Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows remote attackers to gain Remote Code Execution (RCE) on the hosting web server by uploading a malicious add-on with a crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons.

 
2019-08-07
 
CVE-2019-14769

CWE-79
 

 
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issue is mitigated by the attacker needing permission to create custom blocks on the site, which is typically an administrative permission.)

 



Copyright 2024, cxsecurity.com

 
