1.20.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-24	CVE-2023-31045	Cross-site Scripting vulnerability in Backdropcms Backdrop A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. network low complexity backdropcms CWE-79	4.8
2022-02-03	CVE-2021-45268	Cross-Site Request Forgery (CSRF) vulnerability in Backdropcms Backdrop 1.20.0 A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. network low complexity backdropcms CWE-352	8.8