CVE-2019-19903
Backdrop CMS 1.14.x before 1.14.2 is affected by an XSS in file type descriptions due to insufficient output filtering. An attacker with the Administer file types permission can craft a description that triggers scripting when an administrator views the list of file types. Root cause: inadequate ...