Vulnerabilities > Backdropcms > Backdrop > 1.11.6

DATE CVE VULNERABILITY TITLE RISK
2023-04-24 CVE-2023-31045 Cross-site Scripting vulnerability in Backdropcms Backdrop
A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
network
low complexity
backdropcms CWE-79
4.8
4.8
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
6.1