Vulnerabilities > Backdropcms

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-03	CVE-2021-45268	Cross-Site Request Forgery (CSRF) vulnerability in Backdropcms Backdrop 1.20.0 A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. network low complexity backdropcms CWE-352	8.8
2019-12-19	CVE-2019-19903	Cross-site Scripting vulnerability in Backdropcms Backdrop CMS An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. network low complexity backdropcms CWE-79	4.8
2019-12-19	CVE-2019-19902	Improper Input Validation vulnerability in Backdropcms Backdrop CMS An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. network low complexity backdropcms CWE-20	7.2
2019-12-19	CVE-2019-19901	Cross-site Scripting vulnerability in Backdropcms Backdrop CMS An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. network low complexity backdropcms CWE-79	4.8
2019-12-19	CVE-2019-19900	Cross-site Scripting vulnerability in Backdropcms Backdrop CMS An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. network low complexity backdropcms CWE-79	4.8
2019-08-08	CVE-2019-14771	Improper Input Validation vulnerability in Backdropcms Backdrop CMS Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. network low complexity backdropcms CWE-20 critical	9.8
2019-08-08	CVE-2019-14770	Cross-site Scripting vulnerability in Backdropcms Backdrop Core In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. network low complexity backdropcms CWE-79	6.1
2019-08-08	CVE-2019-14769	Cross-site Scripting vulnerability in Backdropcms Backdrop Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. network low complexity backdropcms CWE-79	6.1
2019-04-20	CVE-2019-11358	jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. network low complexity jquery debian drupal backdropcms fedoraproject opensuse netapp redhat oracle joomla juniper	6.1
2018-12-20	CVE-2018-1000813	Cross-site Scripting vulnerability in Backdropcms Backdrop CMS Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class names used on blocks and layouts. network low complexity backdropcms CWE-79	4.8

Vulnerabilities > Backdropcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Backdropcms"}]}

Vulnerabilities > Backdropcms