Vulnerabilities > Backdropcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-22 CVE-2024-41709 Cross-site Scripting vulnerability in Backdropcms Backdrop
Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places.
network
low complexity
backdropcms CWE-79
4.8
4.8
2023-04-24 CVE-2023-31045 Cross-site Scripting vulnerability in Backdropcms Backdrop
A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
network
low complexity
backdropcms CWE-79
4.8
4.8
2023-01-11 CVE-2012-10004 Cross-site Scripting vulnerability in Backdropcms Basic Cart 1.0/1.1
A vulnerability was found in backdrop-contrib Basic Cart on Drupal.
network
low complexity
backdropcms CWE-79
6.1
6.1
2022-11-23 CVE-2022-42095 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS 1.23.0
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
network
low complexity
backdropcms CWE-79
4.8
4.8
2022-11-22 CVE-2022-42094 Cross-site Scripting vulnerability in Backdropcms Backdrop 1.23.0
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.
network
low complexity
backdropcms CWE-79
4.8
4.8
2022-11-22 CVE-2022-42097 Cross-site Scripting vulnerability in Backdropcms Backdrop 1.23.0
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' .
network
low complexity
backdropcms CWE-79
4.8
4.8
2022-11-21 CVE-2022-42096 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS 1.23.0
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.
network
low complexity
backdropcms CWE-79
4.8
4.8
2019-12-19 CVE-2019-19902 Information Exposure vulnerability in Backdropcms Backdrop CMS
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2.
network
low complexity
backdropcms CWE-200
6.5
6.5
2019-08-08 CVE-2019-14770 Cross-site Scripting vulnerability in Backdropcms Backdrop Core
In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. 		4.3
4.3
2019-08-08 CVE-2019-14769 Cross-site Scripting vulnerability in Backdropcms Backdrop
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. 		4.3
4.3