66 matches found
MAL-2025-1738 Malicious code in backpack-android (npm)
Malicious code in backpack-foundations (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware (a4bba8fcd3cb3b4c99abd7a1cff3ddb0e0c15a179005fbed75b0441572a2dad1). Any computer that has this package installed or running should be considered...
MAL-2025-637 Malicious code in backpack-foundations (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware (a4bba8fcd3cb3b4c99abd7a1cff3ddb0e0c15a179005fbed75b0441572a2dad1). Any computer that has this package installed or running should be considered...
Remote Code Execution (RCE)
backpack/filemanager is vulnerable to Remote Code Execution. The vulnerability is due to improper handling of untrusted data during deserialization from the mimes parameter, which allows an attacker to execute remote code on the affected system...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the mimes parameter. Details: Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse...
CVE-2024-52306
CVE-2024-52306 affects the Backpack FileManager component used in Laravel Backpack, where deserialization of untrusted data from the mimes parameter can lead to remote code execution. The issue is caused by insecure deserialization prior to version 3.0.9. A fix is available in 3.0.9 and later. Im...
CVE-2024-52306 FileManager Deserialization of Untrusted Data
FileManager provides a Backpack admin interface for files and folders. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9...
CVE-2024-4756
The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress Plugin WP Backpack Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-32659 · WordPress · Wp Backpack
Name of the Vulnerable Software and Affected Versions: WP Backpack WordPress plugin versions through 2.1. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example in...
WordPress WP Backpack plugin <= 2.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP Backpack versions <= 2.1...
WordPress WP Backpack Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP Backpack; Type: Plugin; Vulnerable versions: <= 2.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4756; Patch priority: Low; CVSS severity: Low (5.9); PSID: cb14ff5810b9; Credits: Bob Matyas; Required privilege...
WP Backpack <= 2.1 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Go to...
Backpack\CRUD for Laravel XSS Vulnerability
The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type...
GHSA-6GFM-GPR3-8WH9 Backpack\CRUD for Laravel XSS Vulnerability
The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type...
Cross-site Scripting (XSS)
backpack/crud is vulnerable to cross-site scripting (XSS). The vulnerability exists because the attributes in the select field of select.blade.php were not sanitized...
CVE-2018-20962
The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type...
CVE-2018-20962
The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type...
CVE-2018-20962
CVE-2018-20962 affects Backpack\CRUD for Laravel (component Backpack) prior to 3.4.9. The vulnerability is an XSS via the select field type, caused by unsanitized attributes in the select.blade.php implementation. Affected ecosystem: Laravel-based Backpack\CRUD, with public references confirming ...
CVE-2018-20962
The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type...