Cross-site Scripting (XSS)

2023-02-1006:33:44

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

backdrop

html validation

admin authenticated attacker

malicious javascript

user post viewing

0.008 Low

EPSS

Percentile

81.2%

JSON

backdrop/backdrop is vulnerable to Cross-Site Scripting (XSS). The vulnerability exist due to the lack of validation in the html elements when adding a post which allows an admin authenticated attacker to inject and execute malicious JavaScript when a user views a post.

CPENameOperatorVersion
backdrop/backdrople1.22.2
backdrop/backdrople1.22.2

CPE	Name	Operator	Version
	backdrop/backdrop	le	1.22.2
	backdrop/backdrop	le	1.22.2

References

github.com/bypazs/CVE-2022-42096

grimthereaperteam.medium.com/cve-2022-42096-backdrop-xss-at-posts-437c305036e2

0.008 Low

EPSS

Percentile

81.2%

JSON

Related for VERACODE:39194