326 matches found
Cross-site Scripting (XSS)
Backdrop CMS is vulnerable to Cross-site Scripting (XSS). The vulnerability stems from improper validation of uploaded SVG images: dangerous SVG tags are insufficiently filtered, allowing an attacker to execute scripts in the browser when an SVG image is viewed directly via its URL...
Cross-site Scripting (XSS)
Backdrop CMS is vulnerable to Cross-site Scripting (XSS). The vulnerability stems from improper content isolation: long text content is insufficiently sanitized when the CKEditor 5 rich text editor is used, allowing an attacker to inject malicious HTML and JavaScript that executes when an...
Cross-site Scripting (XSS)
Overview: backdrop/backdrop is a CMS that helps you build websites for businesses and non-profits. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient validation of uploaded SVG images. A user with SVG upload privileges who convinces another user to...
CVE-2025-25063
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, ...
CVE-2025-25063
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, ...
CVE-2025-25062
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an...
CVE-2025-25062
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an...
CVE-2025-25063
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, ...
PT-2025-5616 · Unknown · Backdrop CMS
Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions 1.28.x through 1.28.4; Backdrop CMS versions 1.29.x through 1.29.2. Description: A security issue was discovered related to the validation of uploaded SVG images. These images can contain clickable links and executable...
CVE-2025-25062
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an...
Backdrop CMS Security Vulnerability
Backdrop CMS is an open-source content management system (CMS) from Backdrop CMS. A security vulnerability exists in Backdrop CMS version 1.28.x prior to version 1.28.5 and version 1.29.x prior to version 1.29.3, which stems from insufficient validation of uploaded SVG images and makes it vulnerable...
PT-2025-5615 · Unknown · CKEditor 5 +1
Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions 1.28.x through 1.28.4; Backdrop CMS versions 1.29.x through 1.29.2. Description: A cross-site scripting (XSS) issue was discovered in Backdrop CMS when using the CKEditor 5 rich text editor. The issue arises because the syst...
Backdrop CMS Security Vulnerability
Backdrop CMS is an open-source content management system (CMS) from Backdrop CMS. A security vulnerability exists in Backdrop CMS version 1.28.x prior to version 1.28.5 and version 1.29.x prior to version 1.29.3, which stems from a failure to adequately isolate long text content when using CKEditor ...
CVE-2025-25063
Backdrop CMS has an XSS vulnerability (CVE-2025-25063) in versions 1.28.x before 1.28.5 and 1.29.x before 1.29.3 due to insufficient validation of uploaded SVG images. Crafted SVGs could execute scripting when viewed directly via their URL, though sanitization occurs by embedding all uploaded SVG...
CVE-2025-25062
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an...
CVE-2025-25062
CVE-2025-25062 is an XSS vulnerability in Backdrop CMS (CKEditor 5 module) affecting 1.28.x prior to 1.28.5 and 1.29.x prior to 1.29.3. The issue arises from insufficient isolation of long text content, enabling crafted HTML/JS to execute when an administrator edits content. Exploitation prospect...
Exploit for CVE-2025-25062
CVE-2025-25062 - Description - Usageusage...
CVE-2024-54123
Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format...
CVE-2024-54123
Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format...
PT-2024-36055
Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions prior to 1.28.4; Backdrop CMS versions 1.29.x prior to 1.29.2. Description: The issue allows for Cross-Site Scripting (XSS) via an SVG document, if the SVG tag is allowed for a text format. This occurs in Backdrop CMS when a...