Vulnerabilities > Backdropcms

DATE CVE VULNERABILITY TITLE RISK
2024-07-22 CVE-2024-41709 Cross-site Scripting vulnerability in Backdropcms Backdrop
Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places.
network
low complexity
backdropcms CWE-79
4.8
2023-04-24 CVE-2023-31045 Cross-site Scripting vulnerability in Backdropcms Backdrop
A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
network
low complexity
backdropcms CWE-79
4.8
2023-01-11 CVE-2012-10004 Cross-site Scripting vulnerability in Backdropcms Basic Cart 1.0/1.1
A vulnerability was found in backdrop-contrib Basic Cart on Drupal.
network
low complexity
backdropcms CWE-79
6.1
2022-11-23 CVE-2022-42095 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS 1.23.0
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
network
low complexity
backdropcms CWE-79
4.8
2022-11-22 CVE-2022-42094 Cross-site Scripting vulnerability in Backdropcms Backdrop 1.23.0
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.
network
low complexity
backdropcms CWE-79
4.8
2022-11-22 CVE-2022-42097 Cross-site Scripting vulnerability in Backdropcms Backdrop 1.23.0
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' .
network
low complexity
backdropcms CWE-79
4.8
2022-11-21 CVE-2022-42096 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS 1.23.0
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.
network
low complexity
backdropcms CWE-79
4.8
2022-10-07 CVE-2022-42092 Unrestricted Upload of File with Dangerous Type vulnerability in Backdropcms Backdrop CMS 1.22.0
Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution.
network
low complexity
backdropcms CWE-434
7.2
2022-02-15 CVE-2022-24590 Cross-site Scripting vulnerability in Backdropcms Backdrop 1.21.1
A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML.
3.5
2022-02-03 CVE-2021-45268 Cross-Site Request Forgery (CSRF) vulnerability in Backdropcms Backdrop 1.20.0
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file.
network
low complexity
backdropcms CWE-352
8.8