326 matches found
CVE-2025-46595
An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module that allows flags to be added to nodes, comments, users, and any other type of entity. It doesn't verify flag links before performing the flag action, or verify that the response returned was provid...
Backdrop CMS Cross-Site Scripting Vulnerability
Backdrop CMS is an open-source content management system (CMS). A cross-site scripting vulnerability exists in Backdrop CMS versions prior to 1.x-3.6.2, which stems from a failure to validate a tagged link before performing a tagged operation, which could lead to a cross-site...
CVE-2025-46595
The CVE affects Backdrop CMS, specifically the Flag module versions prior to 1.x-3.6.2. The root cause is that the module does not verify flag links before performing the flag action, nor verify that the response comes from the flag module, allowing crafted HTML to trigger Cross Site Scripting. P...
PT-2025-17873 · Backdrop Cms · Flag
Name of the Vulnerable Software and Affected Versions: Backdrop CMS Flag module versions prior to 1.x-3.6.2 Description: A Cross-Site Scripting issue was discovered in the Flag module for Backdrop CMS. The module does not verify flag links before performing the flag action, or verify that the...
Backdrop CMS 1.27.1 Remote Command Execution
Backdrop CMS version 1.27.1 proof of concept remote command execution exploit for a vulnerability discovered in 2024. Title: Backdrop CMS 1.27.1 PHP COd...
CVE-2025-27823
An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, and should prevent spambots from collecting them. The module doesn't sufficiently validate the data attribute value on links, potentially leading to a Cross Si...
CVE-2025-27825
An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class names...
CVE-2025-27826
An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names...
CVE-2025-27824
An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability is mitigated by the fact that an attacker must have the ability to create content containing an...
CVE-2025-27822
An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin" permission to restrict people who can masquerade from switching to an account with administrative...
Backdrop CMS Security Vulnerability
Backdrop CMS is an open-source content management system (CMS). A security vulnerability exists in Backdrop CMS versions prior to 1.x-1.0.1, which stems from improper privilege management and could allow a non-administrative user to impersonate an administrator...
CVE-2025-27822
CVE-2025-27822: Affects Backdrop CMS via the Masquerade module before 1.x-1.0.1. The vulnerability arises because the value of the permission "Masquerade as admin" is not consistently enforced, potentially allowing a user with the "Masquerade as user" permission to masquerade as an administrator...