Lucene search

326 matches found

Cvelist
added 2025/03/07 12:00 a.m. | 10 views

CVE-2025-27822

An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin" permission to restrict people who can masquerade from switching to an account with administrative...

CVSS 7.5 | EPSS 0.00274
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/07 12:00 a.m. | 3 views

CVE-2025-27824

An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability is mitigated by the fact that an attacker must have the ability to create content containing an...

CVSS 6.4 | AI score 6.2 | EPSS 0.00213
Exploits: 0 | References: 1
CNNVD
added 2025/03/07 12:00 a.m. | 2 views

Backdrop CMS Cross-Site Scripting Vulnerability

Backdrop CMS is an open-source content management system (CMS) from Backdrop CMS. A cross-site scripting vulnerability exists in Backdrop CMS versions prior to 1.x-1.1.1, which stems from insufficient input cleanup and could lead to cross-site scripting attacks...

CVSS 6.4 | AI score 6 | EPSS 0.00213
Exploits: 0 | References: 3
CVE
added 2025/03/07 12:00 a.m. | 64 views

CVE-2025-27823

CVE-2025-27823 concerns the Mail Disguise module for Backdrop CMS, prior to version 1.x-1.0.5. The issue arises from insufficient validation of the data attribute value on links, which can enable a Cross Site Scripting (XSS) vulnerability if an attacker can insert anchor elements containing data ...

CVSS 6.4 | AI score 6 | EPSS 0.00213
Exploits: 0 | References: 1
CNNVD
added 2025/03/07 12:00 a.m. | 3 views

Backdrop CMS Cross-Site Scripting Vulnerability

Backdrop CMS is an open-source content management system (CMS) from Backdrop CMS. A cross-site scripting vulnerability exists in Backdrop CMS versions prior to 1.x-1.0.5, which stems from insufficient validation of data attributes and could lead to cross-site scripting attacks...

CVSS 6.4 | AI score 5.9 | EPSS 0.00213
Exploits: 0 | References: 3
CVE
added 2025/03/07 12:00 a.m. | 62 views

CVE-2025-27825

CVE-2025-27825 affects Backdrop CMS using the Bootstrap 5 Lite theme prior to 1.x-1.0.3. Root cause: insufficient sanitization of certain class names in the theme, enabling an XSS vulnerability. Public exploitation details are not provided in the connected documents. No remediation details are ex...

CVSS 6.4 | AI score 6.3 | EPSS 0.00213
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/07 12:00 a.m. | 3 views

CVE-2025-27822

An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin" permission to restrict people who can masquerade from switching to an account with administrative...

CVSS 7.5 | AI score 7 | EPSS 0.00274
Exploits: 0 | References: 1
Cvelist
added 2025/03/07 12:00 a.m. | 11 views

CVE-2025-27823

An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, and should prevent spambots from collecting them. The module doesn't sufficiently validate the data attribute value on links, potentially leading to a Cross Si...

CVSS 6.4 | EPSS 0.00213
Exploits: 0 | References: 1
CNNVD
added 2025/03/07 12:00 a.m. | 2 views

Backdrop CMS Cross-Site Scripting Vulnerability

Backdrop CMS is an open-source content management system (CMS) from Backdrop CMS. A cross-site scripting vulnerability exists in Backdrop CMS versions prior to 1.x-1.4.5, which stems from insufficient cleanup of certain class names and could lead to cross-site scripting attacks...

CVSS 6.4 | AI score 5.9 | EPSS 0.00213
Exploits: 0 | References: 3
CNNVD
added 2025/03/07 12:00 a.m. | 2 views

Backdrop CMS Cross-Site Scripting Vulnerability

Backdrop CMS is an open-source content management system (CMS) from Backdrop CMS. A cross-site scripting vulnerability exists in Backdrop CMS versions prior to 1.x-1.0.3, which stems from insufficient cleanup of certain class names and could lead to cross-site scripting attacks...

CVSS 6.4 | AI score 5.9 | EPSS 0.00213
Exploits: 0 | References: 3
CVE
added 2025/03/07 12:00 a.m. | 59 views

CVE-2025-27826

CVE-2025-27826 affects Backdrop CMS via the Bootstrap Lite theme (before 1.x-1.4.5). The underlying issue is insufficient sanitization of certain class names, enabling cross-site scripting (XSS). The citation shows a CVSS v3.1 base score of 6.4 (Medium) with network attack vector and low privileg...

CVSS 6.4 | AI score 6.3 | EPSS 0.00213
Exploits: 0 | References: 1
Cvelist
added 2025/03/07 12:00 a.m. | 10 views

CVE-2025-27826

An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names...

CVSS 6.4 | EPSS 0.00213
Exploits: 0 | References: 1
Cvelist
added 2025/03/07 12:00 a.m. | 10 views

CVE-2025-27825

An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class names...

CVSS 6.4 | EPSS 0.00213
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/07 12:00 a.m. | 6 views

CVE-2025-27825

An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class names...

CVSS 6.4 | AI score 6.3 | EPSS 0.00213
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/07 12:00 a.m. | 4 views

CVE-2025-27826

An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names...

CVSS 6.4 | AI score 6.3 | EPSS 0.00213
Exploits: 0 | References: 1
Cvelist
added 2025/03/07 12:00 a.m. | 8 views

CVE-2025-27824

An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability is mitigated by the fact that an attacker must have the ability to create content containing an...

CVSS 6.4 | EPSS 0.00213
Exploits: 0 | References: 1
CVE
added 2025/03/07 12:00 a.m. | 60 views

CVE-2025-27824

CVE-2025-27824 affects Backdrop CMS via the Link iframe formatter module (pre-1.x-1.1.1). The underlying issue is insufficient sanitization of input before rendering results, enabling cross-site scripting when an attacker can create content containing an iFrame field. The vulnerability is mitigat...

CVSS 6.4 | AI score 6.2 | EPSS 0.00213
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/07 6:07 p.m. | 16 views

CVE-2025-25063

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, ...

CVSS 4.4 | AI score 5.7 | EPSS 0.00185
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/07 6:07 p.m. | 10 views

CVE-2025-25062

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an...

CVSS 4.4 | AI score 5.7 | EPSS 0.0164
Exploits: 3 | References: 1
Packet Storm News
added 2025/02/05 12:00 a.m. | 5 views

Backdrop CMS 1.29.2 Cross Site Scripting / Cross Site Request Forgery

Backdrop CMS version 1.29.2 remote exploit that chains a persistent cross site scripting vulnerability with a cross site request forgery payload to achieve privilege escalation from the role of Editor to Administrator...

CVSS 4.4 | AI score 6.6 | EPSS 0.0164
Exploits: 3