Vulnerabilities > Backdropcms > Backdrop > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2024-07-22 | CVE-2024-41709 | Cross-site Scripting vulnerability in Backdropcms Backdrop | Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. | network, low complexity, backdropcms, CWE-79 | 4.8 |
| 2023-04-24 | CVE-2023-31045 | Cross-site Scripting vulnerability in Backdropcms Backdrop | A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | network, low complexity, backdropcms, CWE-79 | 4.8 |
| 2022-11-22 | CVE-2022-42094 | Cross-site Scripting vulnerability in Backdropcms Backdrop 1.23.0 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. | network, low complexity, backdropcms, CWE-79 | 4.8 |
| 2022-11-22 | CVE-2022-42097 | Cross-site Scripting vulnerability in Backdropcms Backdrop 1.23.0 | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment'. | network, low complexity, backdropcms, CWE-79 | 4.8 |
| 2019-08-08 | CVE-2019-14769 | Cross-site Scripting vulnerability in Backdropcms Backdrop | Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. | | 4.3 |
| 2019-04-20 | CVE-2019-11358 | | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | | 6.1 |