Backdrop CMS

10 matches found

added 2019/08/08 2:15 a.m. | 106 views

CVE-2019-14771

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the serv...

CVSS 9.8 | AI score 9.5 | EPSS 0.00975

added 2019/12/19 6:15 a.m. | 85 views

CVE-2019-19900

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying content type names in the content creation interface. An attacker could potentially craft a specialized content type name, then have an editor execute scripti...

CVSS 4.8 | AI score 5 | EPSS 0.00412

added 2019/12/19 6:15 a.m. | 85 views

CVE-2019-19902

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, allowing non-configuration scripts to pote...

CVSS 7.2 | AI score 7 | EPSS 0.00613

added 2019/12/19 6:15 a.m. | 85 views

CVE-2019-19903

An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying file type descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute scripting when viewing the list of ...

CVSS 4.8 | AI score 5 | EPSS 0.00412

added 2022/10/07 6:15 p.m. | 83 views

CVE-2022-42092

Backdrop CMS 1.22.0 has an unrestricted file upload vulnerability via 'themes' that allows attackers to achieve remote code execution. Note: Third parties dispute this and argue that advanced permissions are required.

CVSS 7.2 | AI score 7.1 | EPSS 0.00794

added 2019/12/19 6:15 a.m. | 80 views

CVE-2019-19901

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying certain block descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute script...

CVSS 4.8 | AI score 4.8 | EPSS 0.00412

added 2022/11/21 9:15 p.m. | 77 views

CVE-2022-42096

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.

CVSS 4.8 | AI score 4.8 | EPSS 0.06651

added 2022/11/23 2:15 a.m. | 63 views

CVE-2022-42095

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.

CVSS 4.8 | AI score 4.8 | EPSS 0.43364

added 2022/08/01 8:15 p.m. | 51 views

CVE-2022-34530

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.

CVSS 5.3 | AI score 5.4 | EPSS 0.00084

added 2018/12/20 3:29 p.m. | 34 views

CVE-2018-1000813

Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in sanitization of custom class names used on blocks and layouts that can result in execution of JavaScript from an unexpected source. This attack appears to be exploitable via: a user must be directed to an...

CVSS 4.8 | AI score 5 | EPSS 0.00457