Vulnerabilities > Backdropcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-22 | CVE-2024-41709 | Cross-site Scripting vulnerability in Backdropcms Backdrop Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. | 4.8 |
| 2023-04-24 | CVE-2023-31045 | Cross-site Scripting vulnerability in Backdropcms Backdrop A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 4.8 |
| 2023-01-11 | CVE-2012-10004 | Cross-site Scripting vulnerability in Backdropcms Basic Cart 1.0/1.1 A vulnerability was found in backdrop-contrib Basic Cart on Drupal. | 6.1 |
| 2022-11-23 | CVE-2022-42095 | Cross-site Scripting vulnerability in Backdropcms Backdrop CMS 1.23.0 Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. | 4.8 |
| 2022-11-22 | CVE-2022-42094 | Cross-site Scripting vulnerability in Backdropcms Backdrop 1.23.0 Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. | 4.8 |
| 2022-11-22 | CVE-2022-42097 | Cross-site Scripting vulnerability in Backdropcms Backdrop 1.23.0 Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . | 4.8 |
| 2022-11-21 | CVE-2022-42096 | Cross-site Scripting vulnerability in Backdropcms Backdrop CMS 1.23.0 Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. | 4.8 |
| 2022-10-07 | CVE-2022-42092 | Unrestricted Upload of File with Dangerous Type vulnerability in Backdropcms Backdrop CMS 1.22.0 Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution. | 7.2 |
| 2022-08-01 | CVE-2022-34530 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Backdropcms Backdrop CMS An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames. | 5.3 |
| 2022-02-15 | CVE-2022-24590 | Cross-site Scripting vulnerability in Backdropcms Backdrop 1.21.1 A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. | 5.4 |