2 matches found
CVE-2022-42094
CVE-2022-42094 concerns Backdrop CMS, version 1.23.0, with a stored XSS bug in the Card content. The NVD/Nucli-templates describe a stored XSS that could allow an attacker to run arbitrary JavaScript in a victim’s browser, potentially enabling session hijacking, defacement, or theft of informatio...
CVE-2022-42097
Backdrop CMS 1.23.0 contains a stored cross-site scripting (XSS) vulnerability in the Comment feature. The root cause is lack of proper filtering/escaping of user-supplied data. The CVSS metrics indicate a Medium severity (4.8) with network attack vector, high privileges required, and user intera...