3 matches found
CVE-2019-14769
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. This iss...
CVE-2019-14769
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. This iss...
CVE-2019-14769
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 fails to properly filter output for certain administrator-created block labels, allowing an attacker with block-creation/admin rights to craft a label that could trigger scripting during layout administration. A fix is available in 1.12.8...