4 matches found
CVE-2025-71310
The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...
Backdrop CMS Host Header Injection vulnerability
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection...
Unspecified Vulnerability in Backdrop CMS
Backdrop CMS is an open source content management system (CMS). A security vulnerability exists in Backdrop CMS versions 1.12.x prior to 1.12.8 and 1.13.x prior to 1.13.3, which stems from the program's failure to adequately check uploaded archive files. An attacker can exploit the vulnerability to...
UBUNTU-CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...