Filtered by vendor Backdropcms
Total: 8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24590 | 1 Backdropcms | 1 Backdrop | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2019-11358 | 10 Backdropcms, Debian, Drupal and 7 more | 102 Backdrop, Debian Linux, Drupal and 99 more | 2022-02-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles `jQuery.extend(true, {}, ...)` because of `Object.prototype` pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native `Object.prototype`. | |||||
| CVE-2019-19900 | 1 Backdropcms | 1 Backdrop Cms | 2019-12-27 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying content type names in the content creation interface. An attacker could potentially craft a specialized content type name, then have an editor execute scripting when creating content, aka XSS. This vulnerability is mitigated by the fact that an attacker must have a role with the "Administer content types" permission. | |||||
| CVE-2019-19901 | 1 Backdropcms | 1 Backdrop Cms | 2019-12-27 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying certain block descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute scripting when configuring a layout, aka XSS. This issue is mitigated by the fact that the attacker would be required to have the permission to create custom blocks, which is typically an administrative task. | |||||
| CVE-2019-19903 | 1 Backdropcms | 1 Backdrop Cms | 2019-12-27 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying file type descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute scripting when viewing the list of file types, aka XSS. This vulnerability is mitigated by the fact that an attacker must have a role with the "Administer file types" permission. | |||||
| CVE-2019-14770 | 1 Backdropcms | 1 Backdrop Core | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. (This issue is mitigated by the attacker needing permissions to create administrative menu links, such as by creating a content type or layout. Such permissions are usually restricted to trusted or administrative users.) | |||||
| CVE-2019-14769 | 1 Backdropcms | 1 Backdrop | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issue is mitigated by the attacker needing permission to create custom blocks on the site, which is typically an administrative permission.) | |||||
| CVE-2018-1000813 | 1 Backdropcms | 1 Backdrop Cms | 2019-01-06 | 3.5 LOW | 4.8 MEDIUM |
| Backdrop CMS version 1.11.0 and earlier contains a cross-site scripting (XSS) vulnerability in the sanitization of custom class names used on blocks and layouts that can result in execution of JavaScript from an unexpected source. This attack appears to be exploitable when a user is directed to an affected page while logged in. This vulnerability appears to have been fixed in 1.11.1 and later. | |||||
