326 matches found

Cvelist
added 2019/12/19 5:3 a.m., 16 views

CVE-2019-19903

An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying file type descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute scripting when viewing the list o...

AI score 5.1, EPSS 0.00552
Exploits 0, References 1

CVE
added 2019/12/19 5:3 a.m., 96 views

CVE-2019-19903

Backdrop CMS 1.14.x before 1.14.2 is affected by an XSS in file type descriptions due to insufficient output filtering. An attacker with the Administer file types permission can craft a description that triggers scripting when an administrator views the list of file types. Root cause: inadequate ...

CVSS 4.8, AI score 5, EPSS 0.00552
Exploits 0, References 1, Affected Software 1

CVE
added 2019/12/19 5:2 a.m., 92 views

CVE-2019-19901

Backdrop CMS vulnerability CVE-2019-19901 affects 1.13.x before 1.13.5 and 1.14.x before 1.14.2. The issue is an XSS flaw in how block descriptions created by administrators are rendered, due to insufficient output filtering when displaying certain block descriptions. An attacker could craft a de...

CVSS 4.8, AI score 4.8, EPSS 0.00552
Exploits 0, References 1, Affected Software 1

Cvelist
added 2019/12/19 5:2 a.m., 15 views

CVE-2019-19901

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying certain block descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute...

AI score 4.9, EPSS 0.00552
Exploits 0, References 1

CNVD
added 2019/12/19 12:0 a.m., 2 views

Backdrop CMS Information Disclosure Vulnerability

Backdrop CMS is an open source content management system (CMS). A security vulnerability exists in Backdrop CMS versions 1.13.x prior to 1.13.5 and 1.14.x prior to 1.14.2, which stems from the program's failure to adequately check for invalid data in uploaded archive files. An attacker could exploi...

CVSS 7.2, AI score 7, EPSS 0.01499
Exploits 0, References 1

CNVD
added 2019/12/19 12:0 a.m., 3 views

Backdrop CMS Cross-Site Scripting Vulnerability (CNVD-2020-03710)

Backdrop CMS is a simple, open source, easy-to-use lightweight content management system for building attractive, professional websites. A cross-site scripting vulnerability exists in Backdrop CMS. The vulnerability stems from Backdrop CMS failing to adequately filter output when displaying...

CVSS 4.8, AI score 6.4, EPSS 0.00552
Exploits 0, References 1

CNVD
added 2019/12/19 12:0 a.m., 3 views

Backdrop CMS Cross-Site Scripting Vulnerability (CNVD-2020-03709)

Backdrop CMS is an open source content management system (CMS). A cross-site scripting vulnerability exists in Backdrop CMS version 1.13.x before 1.13.5 and version 1.14.x before 1.14.2. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker...

CVSS 4.8, AI score 6.4, EPSS 0.00552
Exploits 0, References 1

CNVD
added 2019/12/19 12:0 a.m., 3 views

Backdrop CMS Cross-Site Scripting Vulnerability (CNVD-2020-03708)

Backdrop CMS is an open source content management system (CMS). A cross-site scripting vulnerability exists in Backdrop CMS version 1.13.x before 1.13.5 and version 1.14.x before 1.14.2. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker...

CVSS 4.8, AI score 6.4, EPSS 0.00552
Exploits 0, References 1

CNVD
added 2019/08/12 12:0 a.m., 5 views

Backdrop CMS Cross-Site Scripting Vulnerability (CNVD-2019-26880)

Backdrop CMS is an open source content management system (CMS). A cross-site scripting vulnerability exists in Backdrop CMS version 1.12.x before 1.12.8 and version 1.13.x before 1.13.3. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker...

CVSS 6.1, AI score 6.4, EPSS 0.00846
Exploits 0, References 1

CNVD
added 2019/08/12 12:0 a.m., 3 views

Unspecified Vulnerability in Backdrop CMS

Backdrop CMS is an open source content management system (CMS). A security vulnerability exists in Backdrop CMS versions 1.12.x prior to 1.12.8 and 1.13.x prior to 1.13.3, which stems from the program's failure to adequately check uploaded archive files. An attacker can exploit the vulnerability to...

CVSS 9.8, AI score 7, EPSS 0.02601
Exploits 0, References 1

CNVD
added 2019/08/12 12:0 a.m., 2 views

Backdrop CMS Cross-Site Scripting Vulnerability

Backdrop CMS is an open source content management system (CMS). A cross-site scripting vulnerability exists in Backdrop CMS versions 1.12.x before 1.12.8 and 1.13.x before 1.13.3. The vulnerability stems from a lack of proper validation of client-side data in the web application. An attacker can...

CVSS 6.1, AI score 6.4, EPSS 0.00793
Exploits 0, References 1

NVD
added 2019/08/08 2:15 a.m., 16 views

CVE-2019-14769

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. This iss...

CVSS 6.1, AI score 6.1, EPSS 0.00846
Exploits 0, References 1

NVD
added 2019/08/08 2:15 a.m., 19 views

CVE-2019-14770

In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. This issue is mitigated by the attacker needing permissions to create...

CVSS 6.1, AI score 6.2, EPSS 0.00793
Exploits 0, References 1

OSV
added 2019/08/08 2:15 a.m., 3 views

CVE-2019-14770

In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. This issue is mitigated by the attacker needing permissions to create...

CVSS 6.1, AI score 5.8, EPSS 0.00793
Exploits 0, References 1

OSV
added 2019/08/08 2:15 a.m., 11 views

CVE-2019-14771

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the...

CVSS 9.8, AI score 9.6
Exploits 0, References 1

Prion
added 2019/08/08 2:15 a.m., 18 views

Code injection

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. This iss...

CVSS 4.3, AI score 6.1, EPSS 0.00846
Exploits 0, References 1, Affected Software 1

Prion
added 2019/08/08 2:15 a.m., 12 views

SQL injection

In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. This issue is mitigated by the attacker needing permissions to create...

CVSS 4.3, AI score 6.3, EPSS 0.00793
Exploits 0, References 1, Affected Software 1

Prion
added 2019/08/08 2:15 a.m., 16 views

Command injection

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the...

CVSS 9.3, AI score 9.3, EPSS 0.02601
Exploits 0, References 1, Affected Software 1

Cvelist
added 2019/08/08 1:36 a.m., 18 views

CVE-2019-14769

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. This iss...

AI score 6.1, EPSS 0.00846
Exploits 0, References 1

CVE
added 2019/08/08 1:36 a.m., 102 views

CVE-2019-14769

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 fails to properly filter output for certain administrator-created block labels, allowing an attacker with block-creation/admin rights to craft a label that could trigger scripting during layout administration. A fix is available in 1.12.8...

CVSS 6.1, AI score 6, EPSS 0.00846
Exploits 0, References 1, Affected Software 1