326 matches found

BDU FSTEC
added 2023/11/04 12:0 a.m. · 7 views

The vulnerability of the CMS system Backdrop CMS, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of the CMS system Backdrop CMS is related to the failure to take measures to protect the structure of a web page as a result of performing the “Publish” action in the “Content” section. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attack...

4.9 CVSS · 5.3 AI score · 0.0196 EPSS
Exploits 1 · References 4 · Affected Software 1
Packet Storm
added 2023/07/20 12:0 a.m. · 343 views

Backdrop CMS 1.25.1 Cross Site Scripting

Exploit Title: Backdrop Cms v1.25.1 - Stored Cross-Site Scripting XSS Application: Backdrop Cms Version: v1.25.1 Bugs: Stored Xss Technology: PHP Vendor URL: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.25.1/backdrop.zip Date of found: 12-07-202...

7.1 AI score
Exploits 0
0day.today
added 2023/07/19 12:0 a.m. · 253 views

Backdrop Cms v1.25.1 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Backdrop Cms v1.25.1 - Stored Cross-Site Scripting XSS Application: Backdrop Cms Version: v1.25.1 Bugs: Stored Xss Technology: PHP Vendor URL: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.25.1/backdrop.zip Date of found: 12-07-202...

7.1 AI score
Exploits 0
Exploit DB
added 2023/07/19 12:0 a.m. · 303 views

Backdrop Cms v1.25.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: Backdrop Cms v1.25.1 - Stored Cross-Site Scripting XSS Application: Backdrop Cms Version: v1.25.1 Bugs: Stored Xss Technology: PHP Vendor URL: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.25.1/backdrop.zip Date of found: 12-07-202...

7.4 AI score
Exploits 0
Veracode
added 2023/05/12 10:5 a.m. · 20 views

Stored Cross-Site Scripting (XSS)

backdrop/backdrop is vulnerable to Stored Cross-Site Scripting (XSS) attacks. A remote admin authenticated attacker is able to inject arbitrary web scripts or HTML through the name argument in Text Editors and Formats, modifying any sort of material, which allows the stored XSS payload to be execut...

4.8 CVSS · 4.6 AI score · 0.00536 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2023/04/24 9:30 a.m. · 18 views

GHSA-3862-C622-V4FP Cross-site Scripting in Backdrop CMS

A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...

4.8 CVSS · 4.8 AI score · 0.00536 EPSS
Exploits 1 · References 4
Github Security Blog
added 2023/04/24 9:30 a.m. · 39 views

Cross-site Scripting in Backdrop CMS

A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...

4.8 CVSS · 4.8 AI score · 0.00536 EPSS
Exploits 1 · References 4 · Affected Software 1
ATTACKERKB
added 2023/04/24 8:15 a.m. · 3 views

CVE-2023-31045

A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...

4.8 CVSS · 6.1 AI score · 0.00536 EPSS
Exploits 1 · References 3
NVD
added 2023/04/24 8:15 a.m. · 19 views

CVE-2023-31045

A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...

4.8 CVSS · 5 AI score · 0.00536 EPSS
Exploits 1 · References 2
OSV
added 2023/04/24 8:15 a.m. · 8 views

CVE-2023-31045

A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is execute...

4.8 CVSS · 4.9 AI score
Exploits 0 · References 2
CVE
added 2023/04/24 12:0 a.m. · 69 views

CVE-2023-31045

Backdrop CMS

4.8 CVSS · 4.9 AI score · 0.00536 EPSS
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2023/04/24 12:0 a.m. · 30 views

Backdrop CMS Cross-Site Scripting Vulnerability

Backdrop CMS is an open source content management system (CMS). A security vulnerability exists in Backdrop CMS versions prior to 1.24.2. An attacker can exploit this vulnerability to inject arbitrary web script or HTML code via the name parameter...

4.8 CVSS · 5.5 AI score · 0.00536 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/04/24 12:0 a.m. · 10 views

PT-2023-23121 · Unknown · Backdrop Cms

Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions prior to 1.24.2 Description: A stored Cross-site scripting (XSS) issue in Text Editors and Formats allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content...

4.8 CVSS · 5.5 AI score · 0.00536 EPSS
Exploits 1 · References 10
F5 Networks
added 2023/02/21 6:52 p.m. · 142 views

K20455158: jQuery vulnerability CVE-2019-11358

Security Advisory Description jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...

6.1 CVSS · 6.6 AI score · 0.87218 EPSS
Exploits 4
NVD
added 2023/02/21 4:15 a.m. · 11 views

CVE-2023-26265

The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them...

5.3 CVSS · 5.3 AI score · 0.00578 EPSS
Exploits 0 · References 2
OSV
added 2023/02/21 4:15 a.m. · 4 views

CVE-2023-26265

The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them...

5.3 CVSS · 6.1 AI score · 0.00578 EPSS
Exploits 0 · References 2
Prion
added 2023/02/21 4:15 a.m. · 12 views

Path traversal

The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them...

5 CVSS · 5.3 AI score · 0.00578 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2023/02/21 12:0 a.m. · 5 views

CVE-2023-26265

The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them...

5.2 AI score · 0.00578 EPSS
Exploits 0 · References 2
Cvelist
added 2023/02/21 12:0 a.m. · 15 views

CVE-2023-26265

The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them...

5.5 AI score · 0.00578 EPSS
Exploits 0 · References 2
CVE
added 2023/02/21 12:0 a.m. · 50 views

CVE-2023-26265

The CVE-2023-26265 issue affects the Borg theme for Backdrop CMS older than 1.1.19. The vulnerability arises from insufficient sanitization of path arguments passed via URLs in the function borg_preprocess_page within template.php. The public-environ documents indicate this may enable improper ha...

5.3 CVSS · 5.2 AI score · 0.00578 EPSS
Exploits 0 · References 2 · Affected Software 1