Vulnerabilities > Backdropcms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-22 | CVE-2024-41709 | Cross-site Scripting vulnerability in Backdropcms Backdrop: Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. | 4.8 |
2023-04-24 | CVE-2023-31045 | Cross-site Scripting vulnerability in Backdropcms Backdrop: A stored cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 4.8 |
2023-01-11 | CVE-2012-10004 | Cross-site Scripting vulnerability in Backdropcms Basic Cart 1.0/1.1: A vulnerability was found in backdrop-contrib Basic Cart on Drupal. | 6.1 |
2022-11-23 | CVE-2022-42095 | Cross-site Scripting vulnerability in Backdropcms Backdrop CMS 1.23.0: Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. | 4.8 |
2022-11-22 | CVE-2022-42094 | Cross-site Scripting vulnerability in Backdropcms Backdrop 1.23.0: Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. | 4.8 |
2022-11-22 | CVE-2022-42097 | Cross-site Scripting vulnerability in Backdropcms Backdrop 1.23.0: Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment'. | 4.8 |
2022-11-21 | CVE-2022-42096 | Cross-site Scripting vulnerability in Backdropcms Backdrop CMS 1.23.0: Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. | 4.8 |
2022-10-07 | CVE-2022-42092 | Unrestricted Upload of File with Dangerous Type vulnerability in Backdropcms Backdrop CMS 1.22.0: Backdrop CMS 1.22.0 has an unrestricted file upload vulnerability via 'themes' that allows attackers to achieve remote code execution. | 7.2 |
2022-02-15 | CVE-2022-24590 | Cross-site Scripting vulnerability in Backdropcms Backdrop 1.21.1: A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. | 3.5 |
2022-02-03 | CVE-2021-45268 | Cross-Site Request Forgery (CSRF) vulnerability in Backdropcms Backdrop 1.20.0: A cross-site request forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows remote attackers to gain remote code execution (RCE) on the hosting web server by uploading a malicious add-on with a crafted PHP file. | 8.8 |