Vulnerabilities > Backdropcms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-03 | CVE-2021-45268 | Cross-Site Request Forgery (CSRF) vulnerability in Backdropcms Backdrop 1.20.0. A Cross-Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows remote attackers to gain Remote Code Execution (RCE) on the hosting web server by uploading a malicious add-on with a crafted PHP file. | 8.8 |
2019-12-19 | CVE-2019-19903 | Cross-site Scripting vulnerability in Backdropcms Backdrop CMS. An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. | 4.8 |
2019-12-19 | CVE-2019-19902 | Improper Input Validation vulnerability in Backdropcms Backdrop CMS. An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. | 7.2 |
2019-12-19 | CVE-2019-19901 | Cross-site Scripting vulnerability in Backdropcms Backdrop CMS. An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. | 4.8 |
2019-12-19 | CVE-2019-19900 | Cross-site Scripting vulnerability in Backdropcms Backdrop CMS. An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. | 4.8 |
2019-08-08 | CVE-2019-14771 | Improper Input Validation vulnerability in Backdropcms Backdrop CMS. Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. | 9.8 |
2019-08-08 | CVE-2019-14770 | Cross-site Scripting vulnerability in Backdropcms Backdrop Core. In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. | 6.1 |
2019-08-08 | CVE-2019-14769 | Cross-site Scripting vulnerability in Backdropcms Backdrop. Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. | 6.1 |
2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | 6.1 |
2018-12-20 | CVE-2018-1000813 | Cross-site Scripting vulnerability in Backdropcms Backdrop CMS. Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class names used on blocks and layouts. | 4.8 |