Backdrop Security Vulnerabilities and Issues — Backdrop CVE List

Lucene search

BackdropcmsBackdrop

4 matches found

CVE•added 2019/04/20 12:29 a.m.•2196 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

6.1CVSS6.4AI score0.01768EPSS

CVE•added 2019/08/08 2:15 a.m.•90 views

CVE-2019-14769

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issu...

6.1CVSS6AI score0.00317EPSS

CVE•added 2024/07/22 6:15 a.m.•45 views

CVE-2024-41709

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission.

6.1CVSS7AI score0.00186EPSS

CVE•added 2025/06/26 4:15 p.m.•6 views

CVE-2025-44141

A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.

6.1CVSS6AI score0.00034EPSS