CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2024/11/29 12:0 a.m.•62 views

CVE-2024-54123

The CVE-2024-54123 entry affects Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2. The vulnerability is a cross-site scripting (XSS) flaw triggered when an SVG document is used and the SVG tag is allowed for a text format, enabling an attacker to inject script via SVG markup. Impact details in...

6.1CVSS6.1AI score0.00283EPSS

Exploits0References1Affected Software1

CNNVD•added 2024/11/29 12:0 a.m.•3 views

Backdrop CMS 安全漏洞

Backdrop CMS is a content management system CMS from Backdrop CMS open source. A security vulnerability exists in Backdrop CMS version 1.28.X prior to 1.28.4 and version 1.29.X prior to 1.29.2, which stems from a text formatting that allows the use of SVG markup, which makes it vulnerable to...

6.1CVSS5.9AI score0.00283EPSS

Cvelist•added 2024/11/29 12:0 a.m.•21 views

CVE-2024-54123

Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format...

0.00283EPSS

Microsoft CVE•added 2024/09/11 7:0 a.m.•4 views

jQuery before 3.4.0 as used in Drupal Backdrop CMS and other products mishandles jQuery.extend(true {} ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property it could extend the native Object.prototype.

...

6.1CVSS6.8AI score0.87218EPSS

Exploits4

OSV•added 2024/07/22 6:31 a.m.•10 views

GHSA-3WMX-48G3-X66G Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission...

4.8CVSS5AI score0.00297EPSS

Exploits0References5

Github Security Blog•added 2024/07/22 6:31 a.m.•13 views

Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places

6.1CVSS6.8AI score0.00297EPSS

Exploits0References5Affected Software1

NVD•added 2024/07/22 6:15 a.m.•18 views

CVE-2024-41709

6.1CVSS0.00297EPSS

OSV•added 2024/07/22 6:15 a.m.•13 views

CVE-2024-41709

4.8CVSS6.7AI score

Vulnrichment•added 2024/07/22 12:0 a.m.•14 views

CVE-2024-41709

6.8AI score0.00297EPSS

CVE•added 2024/07/22 12:0 a.m.•57 views

CVE-2024-41709

Backdrop CMS contains an input sanitization flaw in field labels that is triggered when rendering in certain UI paths. Affected versions are 1.27.3 and 1.28.x prior to 1.28.2; exploitation requires a user with the administer fields permission. Remediation: upgrade to Backdrop CMS 1.27.3 or 1.28.2...

6.1CVSS7AI score0.00297EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/07/22 12:0 a.m.•19 views

CVE-2024-41709

0.00297EPSS

Packet Storm•added 2024/05/20 12:0 a.m.•346 views

Backdrop CMS 1.27.1 Remote Command Execution

Exploit Title: Backdrop CMS 1.27.1 - Remote Command Execution RCE Date: 04/27/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip Version: latest Tested on: MacOS import os impor...

0day.today•added 2024/05/19 12:0 a.m.•287 views

Backdrop CMS 1.27.1 - Remote Command Execution Exploit

Exploit Title: Backdrop CMS 1.27.1 - Remote Command Execution RCE Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip Version: latest Tested on: MacOS import os import time import...

Exploit DB•added 2024/05/19 12:0 a.m.•1529 views

Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)

Exploit Title: Backdrop CMS 1.27.1 - Authenticated Remote Command Execution RCE Date: 04/27/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip Version: latest Tested on: MacOS...

Packet Storm•added 2024/03/19 12:0 a.m.•296 views

Backdrop CMS 1.23.0 Cross Site Scripting

Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field Date: 2023-08-21 Exploit Author: Sinem Şahin Vendor Homepage: https://backdropcms.org/ Version: 1.23.0 Tested on: Windows & XAMPP == Tutorial http://HOST/backdrop/node/add/post 2- Write your xss payload in the body...

0day.today•added 2024/03/18 12:0 a.m.•309 views

Backdrop CMS 1.23.0 - Stored XSS Vulnerability

Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field Exploit Author: Sinem Şahin Vendor Homepage: https://backdropcms.org/ Version: 1.23.0 Tested on: Windows & XAMPP == Tutorial http://HOST/backdrop/node/add/post 2- Write your xss payload in the body of the post...

Exploit DB•added 2024/03/18 12:0 a.m.•289 views

Backdrop CMS 1.23.0 - Stored XSS