CVE-2018-1000813
The CVE concerns Backdrop CMS versions up to 1.11.0, where a Cross Site Scripting (XSS) vulnerability exists in the sanitization of custom class names used on blocks and layouts, potentially enabling JavaScript execution from an unexpected source. The attack requires a user to be directed to an a...