Lucene search: Backdrop CMS

16 matches found

CVE, added 2019/08/08 1:35 a.m., 120 views

CVE-2019-14771

CVE-2019-14771 affects Backdrop CMS: versions 1.12.x prior to 1.12.8 and 1.13.x prior to 1.13.3. The flaw lets an attacker upload entire-site configuration archives via the UI or CLI without validating archive contents, potentially permitting non-configuration scripts to be stored on the server. ...

CVSS 9.8, AI score 9.5, EPSS 0.02601

CVE, added 2022/11/21 12:0 a.m., 104 views

CVE-2022-42096

Backdrop CMS 1.23.0 contains a stored XSS in Post content. Exploitation requires authenticated content-creation/administrative privileges (per sources). An attacker can inject malicious JavaScript that may be executed when posts are viewed, potentially compromising administrator sessions. Remedia...

CVSS 4.8, AI score 4.8, EPSS 0.01976

CVE, added 2019/12/19 5:3 a.m., 97 views

CVE-2019-19902

Backdrop CMS 1.13.x (<1.13.5) and 1.14.x (

CVSS 7.2, AI score 7, EPSS 0.01499

CVE, added 2019/12/19 5:3 a.m., 96 views

CVE-2019-19900

Summary: Backdrop CMS is affected by a reflected/stored-XSS issue in the content-creation interface due to insufficient filtering of content type names. Affected versions are Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. An attacker must have a role with the “Administer content type...

CVSS 4.8, AI score 5, EPSS 0.00552

CVE, added 2019/12/19 5:3 a.m., 95 views

CVE-2019-19903

Backdrop CMS 1.14.x before 1.14.2 is affected by an XSS in file type descriptions due to insufficient output filtering. An attacker with the Administer file types permission can craft a description that triggers scripting when an administrator views the list of file types. Root cause: inadequate ...

CVSS 4.8, AI score 5, EPSS 0.00552

CVE, added 2022/10/07 12:0 a.m., 94 views

CVE-2022-42092

Backdrop CMS 1.22.0 is affected by an Unrestricted File Upload vulnerability via the themes component that can lead to Remote Code Execution. The issue is documented across multiple sources as susceptible to exploitation, with third-party notes arguing that advanced permissions may be required. A...

CVSS 7.2, AI score 7.1, EPSS 0.01468

CVE, added 2019/12/19 5:2 a.m., 91 views

CVE-2019-19901

Backdrop CMS vulnerability CVE-2019-19901 affects 1.13.x before 1.13.5 and 1.14.x before 1.14.2. The issue is an XSS flaw in how block descriptions created by administrators are rendered, due to insufficient output filtering when displaying certain block descriptions. An attacker could craft a de...

CVSS 4.8, AI score 4.8, EPSS 0.00552

CVE, added 2022/11/23 12:0 a.m., 91 views

CVE-2022-42095

Backdrop CMS 1.23.0 contains a stored XSS vulnerability in Page content. The nuclei template identifies the vulnerable component as the Page content handling, with impact including injection of malicious scripts that could lead to data theft, session hijacking, or defacement. Root cause details i...

CVSS 4.8, AI score 4.8, EPSS 0.01947

CVE, added 2025/02/03 12:0 a.m., 71 views

CVE-2025-25062

CVE-2025-25062 is an XSS vulnerability in Backdrop CMS (CKEditor 5 module) affecting 1.28.x prior to 1.28.5 and 1.29.x prior to 1.29.3. The issue arises from insufficient isolation of long text content, enabling crafted HTML/JS to execute when an administrator edits content. Exploitation prospect...

CVSS 4.4, AI score 5.8, EPSS 0.01654
Web

CVE, added 2023/04/24 12:0 a.m., 69 views

CVE-2023-31045

Backdrop CMS

CVSS 4.8, AI score 4.9, EPSS 0.00536

CVE, added 2022/08/01 7:24 p.m., 61 views

CVE-2022-34530

CVE-2022-34530 affects Backdrop CMS v1.22.0. The issue lies in the login and password reset flow, allowing an attacker to enumerate usernames via password reset requests and receive distinct responses based on the username. The provided documents note a low confidentiality impact but do not speci...

CVSS 5.3, AI score 5.4, EPSS 0.00513

CVE, added 2024/11/29 12:0 a.m., 57 views

CVE-2024-54123

The CVE-2024-54123 entry affects Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2. The vulnerability is a cross-site scripting (XSS) flaw triggered when an SVG document is used and the SVG tag is allowed for a text format, enabling an attacker to inject script via SVG markup. Impact details in...

CVSS 6.1, AI score 6.1, EPSS 0.00278

CVE, added 2025/02/03 12:0 a.m., 57 views

CVE-2025-25063

Backdrop CMS has an XSS vulnerability (CVE-2025-25063) in versions 1.28.x before 1.28.5 and 1.29.x before 1.29.3 due to insufficient validation of uploaded SVG images. Crafted SVGs could execute scripting when viewed directly via their URL, though sanitization occurs by embedding all uploaded SVG...

CVSS 4.4, AI score 5.7, EPSS 0.00187

CVE, added 2018/12/20 3:0 p.m., 43 views

CVE-2018-1000813

The CVE concerns Backdrop CMS versions up to 1.11.0, where a Cross Site Scripting (XSS) vulnerability exists in the sanitization of custom class names used on blocks and layouts, potentially enabling JavaScript execution from an unexpected source. The attack requires a user to be directed to an a...

CVSS 4.8, AI score 5, EPSS 0.00741

CVE, added 2025/06/26 12:0 a.m., 19 views

CVE-2025-44141

CVE-2025-44141 affects Backdrop CMS 1.30 with a Cross-Site Scripting (XSS) flaw in the node creation form. The available documents describe the vulnerability and its exposure, but do not provide root-cause details, affected files beyond the node creation form, or concrete remediation steps. Explo...

CVSS 6.1, AI score 6, EPSS 0.0019

CVE, added 2025/11/18 12:0 a.m., 11 views

CVE-2025-63828

CVE-2025-63828 is a host header injection vulnerability in Backdrop CMS 1.32.1. The issue arises from manipulation of the Host header during password reset requests, which can cause redirects to malicious domains and may enable session hijacking via cookie injection. Documents consistently descri...

CVSS 6.1, AI score 7, EPSS 0.00182