Backdropcms

Backdrop

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-44141

  • EPSS 0.04%
  • Veröffentlicht 26.06.2025 00:00:00
  • Zuletzt bearbeitet 01.07.2025 16:03:07

A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.

4.4

CVE-2025-25062

  • EPSS 34.06%
  • Veröffentlicht 03.02.2025 04:15:09
  • Zuletzt bearbeitet 06.05.2025 18:15:38

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and ...

4.4

CVE-2025-25063

  • EPSS 0.04%
  • Veröffentlicht 03.02.2025 04:15:09
  • Zuletzt bearbeitet 03.02.2025 04:15:09

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and ...

4.8

CVE-2024-41709

  • EPSS 0.41%
  • Veröffentlicht 22.07.2024 06:15:02
  • Zuletzt bearbeitet 21.03.2025 21:15:35

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" pe...

4.8

CVE-2023-31045

Exploit
  • EPSS 0.09%
  • Veröffentlicht 24.04.2023 08:15:07
  • Zuletzt bearbeitet 21.11.2024 08:01:18

A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or c...

4.8

CVE-2022-42094

Exploit
  • EPSS 17.37%
  • Veröffentlicht 22.11.2022 13:15:14
  • Zuletzt bearbeitet 29.04.2025 15:15:49

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.

4.8

CVE-2022-42097

Exploit
  • EPSS 0.38%
  • Veröffentlicht 22.11.2022 13:15:14
  • Zuletzt bearbeitet 29.04.2025 15:15:49

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' .

5.4

CVE-2022-24590

Exploit
  • EPSS 0.21%
  • Veröffentlicht 15.02.2022 16:15:09
  • Zuletzt bearbeitet 21.11.2024 06:50:42

A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML.

8.8

CVE-2021-45268

Exploit
  • EPSS 0.45%
  • Veröffentlicht 03.02.2022 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:32:03

A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. NOTE: the vendor dispu...

6.1

CVE-2019-14769

  • EPSS 0.32%
  • Veröffentlicht 08.08.2019 02:15:11
  • Zuletzt bearbeitet 21.11.2024 04:27:18

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute ...