326 matches found
Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting XSS vulnerability via Post content. id: CVE-2022-42096 info: name: Backdrop CMS version 1.23.0 - Cross Site Scripting Stored author: theamanrawat severity: medium description: | Backdrop CMS version 1.23.0 was...
CVE-2025-71310
The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...
CVE-2026-45430
The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...
CVE-2025-71310
The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...
CVE-2025-71310
The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...
CVE-2025-71310
The CVE 2025-71310 affects the GDPR cookies module for Backdrop CMS (before 1.x-1.3.5). The vulnerability is an XSS risk triggered when a malicious value is supplied in the optional YouTube service’s Info content field, under the condition that an attacker has either the "Create a GDPR Cookies Se...
CVE-2025-71310
The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...
EUVD-2025-209927
The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...
CVE-2025-71310
The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting XSS if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...
Backdrop CMS 安全漏洞
Backdrop CMS is an open-source content management system developed by Backdrop CMS. Versions of Backdrop CMS prior to 1.x-1.3.5 contained security vulnerabilities. These vulnerabilities stemmed from insufficient protection against cross-site scripting attacks. If optional information fields in th...
EUVD-2026-29373
The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...
CVE-2026-45430
The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...
CVE-2026-45430
The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...
CVE-2026-45430
The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...
CVE-2026-45430
The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...
CVE-2026-45430
CVE-2026-45430 affects the Salesforce module for Backdrop CMS (vulnerable: 1.x-1.0.0 and earlier; fixed in 1.x-1.0.1 or later). The root cause is the module not properly using a random state parameter to protect the OAuth-like authorization flow, leaving it susceptible to CSRF attacks. The CVSSv3...
PT-2026-39931
The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks...
📄 Backdrop CMS 1.29.2 CSRF / XSS / Privilege Escalation
Proof of concept exploit that demonstrates how Backdrop CMS version 1.29.2 suffers from cross site request forgery, persistent cross site scripting, and privilege escalation vulnerabilities...
CVE-2022-42094
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the 'Card' content...
CVE-2022-42095
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the Page content...