Vulnerabilities > Backdropcms > Backdrop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-24 | CVE-2023-31045 | Cross-site Scripting vulnerability in Backdropcms Backdrop A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 4.8 |
| 2022-11-22 | CVE-2022-42094 | Cross-site Scripting vulnerability in Backdropcms Backdrop 1.23.0 Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. | 4.8 |
| 2022-11-22 | CVE-2022-42097 | Cross-site Scripting vulnerability in Backdropcms Backdrop 1.23.0 Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . | 4.8 |
| 2022-02-15 | CVE-2022-24590 | Cross-site Scripting vulnerability in Backdropcms Backdrop 1.21.1 A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. | 3.5 |
| 2022-02-03 | CVE-2021-45268 | Cross-Site Request Forgery (CSRF) vulnerability in Backdropcms Backdrop 1.20.0 A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. | 8.8 |
| 2019-08-08 | CVE-2019-14769 | Cross-site Scripting vulnerability in Backdropcms Backdrop Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. | 4.3 |
| 2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | 6.1 |