Vulnerabilities > Backdropcms

DATE CVE VULNERABILITY TITLE RISK
2024-07-22 CVE-2024-41709 Cross-site Scripting vulnerability in Backdropcms Backdrop
Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places.
network
low complexity
backdropcms CWE-79
4.8
2023-04-24 CVE-2023-31045 Cross-site Scripting vulnerability in Backdropcms Backdrop
A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
network
low complexity
backdropcms CWE-79
4.8
2023-01-11 CVE-2012-10004 Cross-site Scripting vulnerability in Backdropcms Basic Cart 1.0/1.1
A vulnerability was found in backdrop-contrib Basic Cart on Drupal.
network
low complexity
backdropcms CWE-79
6.1
2022-11-23 CVE-2022-42095 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS 1.23.0
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
network
low complexity
backdropcms CWE-79
4.8
2022-11-22 CVE-2022-42094 Cross-site Scripting vulnerability in Backdropcms Backdrop 1.23.0
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.
network
low complexity
backdropcms CWE-79
4.8
2022-11-22 CVE-2022-42097 Cross-site Scripting vulnerability in Backdropcms Backdrop 1.23.0
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment'.
network
low complexity
backdropcms CWE-79
4.8
2022-11-21 CVE-2022-42096 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS 1.23.0
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.
network
low complexity
backdropcms CWE-79
4.8
2022-10-07 CVE-2022-42092 Unrestricted Upload of File with Dangerous Type vulnerability in Backdropcms Backdrop CMS 1.22.0
Backdrop CMS 1.22.0 has an unrestricted file upload vulnerability via 'themes' that allows attackers to achieve remote code execution.
network
low complexity
backdropcms CWE-434
7.2
2022-08-01 CVE-2022-34530 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Backdropcms Backdrop CMS
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.
network
low complexity
backdropcms CWE-640
5.3
2022-02-15 CVE-2022-24590 Cross-site Scripting vulnerability in Backdropcms Backdrop 1.21.1
A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML.
network
low complexity
backdropcms CWE-79
5.4