Skip to main content

Backdrop

5 CVEs product

Monthly

CVE-2024-41709 PHP MEDIUM PATCH This Month

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Backdrop
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2022-42097 PHP MEDIUM POC This Month

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Backdrop
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2022-42094 PHP MEDIUM POC This Month

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Backdrop
NVD GitHub
CVSS 3.1
4.8
EPSS
2.5%
CVE-2019-14769 MEDIUM This Month

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Backdrop
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-11358 LIB MEDIUM POC PATCH THREAT This Month

{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Jquery Debian Linux Drupal +102
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
87.2%
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Backdrop
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Backdrop
NVD GitHub
EPSS 3% CVSS 4.8
MEDIUM POC This Month

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Backdrop
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Backdrop
NVD
EPSS 87% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Jquery +104
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy