Vulnerabilities > Backdropcms

DATE CVE VULNERABILITY TITLE RISK
2019-12-19 CVE-2019-19903 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS
An issue was discovered in Backdrop CMS 1.14.x before 1.14.2.
3.5
2019-12-19 CVE-2019-19902 Information Exposure vulnerability in Backdropcms Backdrop CMS
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2.
network
low complexity
backdropcms CWE-200
6.5
2019-12-19 CVE-2019-19901 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2.
3.5
2019-12-19 CVE-2019-19900 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2.
3.5
2019-08-08 CVE-2019-14771 Improper Input Validation vulnerability in Backdropcms Backdrop CMS
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line.
network
low complexity
backdropcms CWE-20
critical
9.8
2019-08-08 CVE-2019-14770 Cross-site Scripting vulnerability in Backdropcms Backdrop Core
In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality.
4.3
2019-08-08 CVE-2019-14769 Cross-site Scripting vulnerability in Backdropcms Backdrop
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators.
4.3
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2018-12-20 CVE-2018-1000813 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS
Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class names used on blocks and layouts.
3.5