8 matches found
GHSA-FFPG-GM3H-4P5P Backdrop CMS Host Header Injection vulnerability
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection...
CVE-2025-63828
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection...
CVE-2023-31045
A stored cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...
Backdrop CMS Cross-Site Scripting Vulnerability
Backdrop CMS is a content management system (CMS) from the Backdrop CMS open source project. A cross-site scripting vulnerability exists in Backdrop CMS versions prior to 1.x-1.0.5, which stems from insufficient validation of data attributes and could lead to cross-site scripting attacks...
PT-2025-5616 · Unknown · Backdrop CMS
Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions 1.28.x through 1.28.4; Backdrop CMS versions 1.29.x through 1.29.2. Description: A security issue was discovered related to the validation of uploaded SVG images. These images can contain clickable links and executable...
Backdrop CMS Cross-Site Scripting Vulnerability
Backdrop CMS is an open source content management system (CMS). A security vulnerability exists in Backdrop CMS versions prior to 1.24.2. An attacker can exploit this vulnerability to inject arbitrary web script or HTML code via the name parameter...
Backdrop CMS Information Disclosure Vulnerability
Backdrop CMS is an open source content management system (CMS). A security vulnerability exists in Backdrop CMS versions 1.13.x prior to 1.13.5 and 1.14.x prior to 1.14.2, which stems from the program's failure to adequately check for invalid data in uploaded archive files. An attacker could exploi...
Stored Cross-Site Scripting Vulnerability in Backdrop CMS Published Article Pages
Backdrop CMS is a foreign, free, open source CMS for small and medium-sized businesses and non-profit organizations. A stored cross-site scripting vulnerability exists in the Backdrop CMS publish article page. An attacker can insert malicious JavaScript code into the page to obtain user cookies and...