CVE-2019-19900
- EPSS 0.41%
- Veröffentlicht 19.12.2019 06:15:10
- Zuletzt bearbeitet 21.11.2024 04:35:37
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying content type names in the content creation interface. An attacker could potentially craft a specialized conte...
CVE-2019-14771
- EPSS 0.98%
- Veröffentlicht 08.08.2019 02:15:11
- Zuletzt bearbeitet 21.11.2024 04:27:18
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non...
CVE-2018-1000813
- EPSS 0.46%
- Veröffentlicht 20.12.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:40:24
Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class names used on blocks and layouts. that can result in Execution of JavaScript from an unexpected source.. This attack appear to...