326 matches found
CVE-2022-42097
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.'...
CVE-2024-41709
Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission...
Host Header Injection
Backdrop CMS is vulnerable to Host Header Injection. The vulnerability is due to improper validation of the Host header in password reset requests, which allows an attacker to manipulate redirects to malicious domains and potentially perform session hijacking via cookie injection...
CVE-2025-63828
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection...
HTTP Header Injection
Overview: backdrop/backdrop is a CMS that helps you build websites for businesses and non-profits. Affected versions of this package are vulnerable to HTTP Header Injection via manipulation of the Host header in password reset requests. An attacker can cause users to be redirected to malicious...
Backdrop CMS Host Header Injection vulnerability
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection...
GHSA-FFPG-GM3H-4P5P Backdrop CMS Host Header Injection vulnerability
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection...
Backdrop CMS Security Vulnerability
Backdrop CMS is an open source content management system (CMS). A security vulnerability exists in Backdrop CMS version 1.32.1 that stems from improper manipulation of the Host header in a password reset request, which could lead to redirection to a malicious domain and session...
CVE-2025-63828
CVE-2025-63828 is a host header injection vulnerability in Backdrop CMS 1.32.1. The issue arises from manipulation of the Host header during password reset requests, which can cause redirects to malicious domains and may enable session hijacking via cookie injection. Documents consistently descri...
PT-2025-47370
Name of the Vulnerable Software and Affected Versions: Backdrop CMS version 1.32.1. Description: A Host Header Injection flaw exists in Backdrop CMS. This issue allows attackers to manipulate the Host header within password reset requests. Successful exploitation can lead to redirection to malicious...
EUVD-2019-5908
Malware in sbrugna...
EUVD-2019-9495
Malware in sbrugna...
EUVD-2018-2012
Malware in sbrugna...
EUVD-2019-9492
Malware in sbrugna...
EUVD-2019-9493
Malware in sbrugna...
EUVD-2019-5906
Malware in sbrugna...