Vulnerabilities > Backdropcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-19 CVE-2019-19901 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2.
network
low complexity
backdropcms CWE-79
4.8
4.8
2019-12-19 CVE-2019-19900 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS
An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2.
network
low complexity
backdropcms CWE-79
4.8
4.8
2019-08-08 CVE-2019-14770 Cross-site Scripting vulnerability in Backdropcms Backdrop Core
In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality.
network
low complexity
backdropcms CWE-79
6.1
6.1
2019-08-08 CVE-2019-14769 Cross-site Scripting vulnerability in Backdropcms Backdrop
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators.
network
low complexity
backdropcms CWE-79
6.1
6.1
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
6.1
2018-12-20 CVE-2018-1000813 Cross-site Scripting vulnerability in Backdropcms Backdrop CMS
Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class names used on blocks and layouts.
network
low complexity
backdropcms CWE-79
4.8
4.8