326 matches found

Veracode · added 2025/02/04 6:39 a.m. · 8 views

Cross-site Scripting (XSS)

Backdrop CMS is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper validation of uploaded SVG images due to insufficient filtering of dangerous SVG tags, allowing an attacker to execute scripts in the browser when an SVG image is viewed directly via its URL...

CVSS 4.4 · AI score 6.6 · EPSS 0.00185
Exploits 0 · References 4 · Affected Software 1
Veracode · added 2025/02/04 6:24 a.m. · 7 views

Cross-site Scripting (XSS)

Backdrop CMS is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper content isolation due to insufficient sanitization of long text content when using the CKEditor 5 rich text editor, allowing an attacker to inject malicious HTML and JavaScript that executes when an...

CVSS 4.4 · AI score 4.5 · EPSS 0.0164
Exploits 3 · References 5 · Affected Software 1
Snyk · added 2025/02/03 4:40 a.m. · 4 views

Cross-site Scripting (XSS)

Overview backdrop/backdrop is a CMS that helps you build websites for businesses and non-profits. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient validation of uploaded SVG images. A user with SVG upload privileges who convinces another user to...

CVSS 8.7 · AI score 5.4 · EPSS 0.00185
Exploits 0 · References 2
OSV · added 2025/02/03 4:15 a.m. · 2 views

CVE-2025-25063

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, ...

CVSS 4.4 · AI score 5.1
Exploits 0 · References 1
NVD · added 2025/02/03 4:15 a.m. · 30 views

CVE-2025-25063

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, ...

CVSS 4.4 · EPSS 0.00185
Exploits 0 · References 1
NVD · added 2025/02/03 4:15 a.m. · 21 views

CVE-2025-25062

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an...

CVSS 4.4 · EPSS 0.0164
Exploits 3 · References 3
OSV · added 2025/02/03 4:15 a.m. · 5 views

CVE-2025-25062

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an...

CVSS 4.4 · AI score 5.5 · EPSS 0.0164
Exploits 3 · References 3
Cvelist · added 2025/02/03 12:00 a.m. · 44 views

CVE-2025-25063

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, ...

CVSS 4.4 · EPSS 0.00185
Exploits 0 · References 1
Positive Technologies · added 2025/02/03 12:00 a.m. · 4 views

PT-2025-5616 · Unknown · Backdrop Cms

Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions 1.28.x through 1.28.4 Backdrop CMS versions 1.29.x through 1.29.2 Description: A security issue was discovered related to the validation of uploaded SVG images. These images can contain clickable links and executable...

CVSS 4.4 · AI score 6.9 · EPSS 0.00185
Exploits 0 · References 4
Vulnrichment · added 2025/02/03 12:00 a.m. · 7 views

CVE-2025-25062

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an...

CVSS 4.4 · AI score 5.7 · EPSS 0.0164
Exploits 3 · References 3
CNNVD · added 2025/02/03 12:00 a.m. · 11 views

Backdrop CMS security vulnerability

Backdrop CMS is a content management system CMS from Backdrop CMS open source. A security vulnerability exists in Backdrop CMS version 1.28.x prior to version 1.28.5 and version 1.29.x prior to version 1.29.3, which stems from insufficient validation of uploaded SVG images and makes it vulnerable...

CVSS 4.4 · AI score 5.7 · EPSS 0.00185
Exploits 0 · References 1
Positive Technologies · added 2025/02/03 12:00 a.m. · 5 views

PT-2025-5615 · Unknown · Ckeditor 5 +1

Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions 1.28.x through 1.28.4 Backdrop CMS versions 1.29.x through 1.29.2 Description: A cross-site scripting XSS issue was discovered in Backdrop CMS when using the CKEditor 5 rich text editor. The issue arises because the syst...

CVSS 4.4 · AI score 4.3 · EPSS 0.0164
Exploits 3 · References 8
CNNVD · added 2025/02/03 12:00 a.m. · 5 views

Backdrop CMS security vulnerability

Backdrop CMS is a content management system CMS from Backdrop CMS open source. A security vulnerability exists in Backdrop CMS version 1.28.x prior to version 1.28.5 and version 1.29.x prior to version 1.29.3, which stems from a failure to adequately isolate long text content when using CKEditor ...

CVSS 4.4 · AI score 5.8 · EPSS 0.0164
Exploits 3 · References 1
CVE · added 2025/02/03 12:00 a.m. · 59 views

CVE-2025-25063

Backdrop CMS has an XSS vulnerability (CVE-2025-25063) in versions 1.28.x before 1.28.5 and 1.29.x before 1.29.3 due to insufficient validation of uploaded SVG images. Crafted SVGs could execute scripting when viewed directly via their URL, though sanitization occurs by embedding all uploaded SVG...

CVSS 4.4 · AI score 5.7 · EPSS 0.00185
Exploits 0 · References 1 · Affected Software 1
Cvelist · added 2025/02/03 12:00 a.m. · 26 views

CVE-2025-25062

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an...

CVSS 4.4 · EPSS 0.0164
Exploits 3 · References 3
CVE · added 2025/02/03 12:00 a.m. · 76 views

CVE-2025-25062

CVE-2025-25062 is an XSS vulnerability in Backdrop CMS (CKEditor 5 module) affecting 1.28.x prior to 1.28.5 and 1.29.x prior to 1.29.3. The issue arises from insufficient isolation of long text content, enabling crafted HTML/JS to execute when an administrator edits content. Exploitation prospect...

CVSS 4.4 · AI score 5.8 · EPSS 0.0164
Exploits 3 · References 3 · Affected Software 1
GithubExploit · added 2024/12/14 8:25 p.m. · 475 views

Exploit for CVE-2025-25062

CVE-2025-25062 - Description - Usageusage...

CVSS 4.4 · AI score 5 · EPSS 0.0164
Exploits 3
NVD · added 2024/11/29 4:15 a.m. · 22 views

CVE-2024-54123

Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format...

CVSS 6.1 · EPSS 0.00283
Exploits 0 · References 1
OSV · added 2024/11/29 4:15 a.m. · 4 views

CVE-2024-54123

Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format...

CVSS 6.1 · AI score 5.9
Exploits 0 · References 1
Positive Technologies · added 2024/11/29 12:00 a.m. · 7 views

PT-2024-36055

Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions prior to 1.28.4 Backdrop CMS versions 1.29.x prior to 1.29.2 Description: The issue allows for Cross Site Scripting XSS via an SVG document, if the SVG tag is allowed for a text format. This occurs in Backdrop CMS when a...

CVSS 6.1 · AI score 5.9 · EPSS 0.00283
Exploits 0 · References 6