Vulnerabilities > Backdropcms

DATE CVE VULNERABILITY TITLE RISK
2022-02-03 CVE-2021-45268 Cross-Site Request Forgery (CSRF) vulnerability in Backdropcms Backdrop 1.20.0
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file.
network
low complexity
backdropcms CWE-352
8.8
2019-12-19 CVE-2019-19903 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS
An issue was discovered in Backdrop CMS 1.14.x before 1.14.2.
network
low complexity
backdropcms CWE-79
4.8
2019-12-19 CVE-2019-19902 Improper Input Validation vulnerability in Backdropcms Backdrop CMS
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2.
network
low complexity
backdropcms CWE-20
7.2
2019-12-19 CVE-2019-19901 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2.
network
low complexity
backdropcms CWE-79
4.8
2019-12-19 CVE-2019-19900 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2.
network
low complexity
backdropcms CWE-79
4.8
2019-08-08 CVE-2019-14771 Improper Input Validation vulnerability in Backdropcms Backdrop CMS
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line.
network
low complexity
backdropcms CWE-20
critical
9.8
2019-08-08 CVE-2019-14770 Cross-site Scripting vulnerability in Backdropcms Backdrop Core
In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality.
network
low complexity
backdropcms CWE-79
6.1
2019-08-08 CVE-2019-14769 Cross-site Scripting vulnerability in Backdropcms Backdrop
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators.
network
low complexity
backdropcms CWE-79
6.1
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2018-12-20 CVE-2018-1000813 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS
Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class names used on blocks and layouts.
network
low complexity
backdropcms CWE-79
4.8