CVE-2025-44141
- EPSS 0.04%
- Published 26.06.2025 00:00:00
- Last modified 01.07.2025 16:03:07
A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.
CVE-2025-25062
- EPSS 34.06%
- Published 03.02.2025 04:15:09
- Last modified 06.05.2025 18:15:38
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and ...
CVE-2025-25063
- EPSS 0.04%
- Published 03.02.2025 04:15:09
- Last modified 03.02.2025 04:15:09
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and ...
CVE-2024-41709
- EPSS 0.41%
- Published 22.07.2024 06:15:02
- Last modified 21.03.2025 21:15:35
Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" pe...
CVE-2023-31045
- EPSS 0.09%
- Published 24.04.2023 08:15:07
- Last modified 21.11.2024 08:01:18
A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or c...
CVE-2022-42094
- EPSS 17.37%
- Published 22.11.2022 13:15:14
- Last modified 29.04.2025 15:15:49
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.
CVE-2022-42097
- EPSS 0.38%
- Published 22.11.2022 13:15:14
- Last modified 29.04.2025 15:15:49
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment'.
CVE-2022-24590
- EPSS 0.21%
- Published 15.02.2022 16:15:09
- Last modified 21.11.2024 06:50:42
A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML.
CVE-2021-45268
- EPSS 0.45%
- Published 03.02.2022 22:15:08
- Last modified 21.11.2024 06:32:03
A Cross-Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows remote attackers to gain Remote Code Execution (RCE) on the hosting web server by uploading a malicious add-on with a crafted PHP file. NOTE: the vendor dispu...
CVE-2019-14769
- EPSS 0.32%
- Published 08.08.2019 02:15:11
- Last modified 21.11.2024 04:27:18
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute ...