backdrop/backdrop is vulnerable to Cross-Site Scripting (XSS). The vulnerability exist due to the lack of validation in the html elements when adding a post which allows an admin authenticated attacker to inject and execute malicious JavaScript when a user views a post.
CPE | Name | Operator | Version |
---|---|---|---|
backdrop/backdrop | le | 1.22.2 | |
backdrop/backdrop | le | 1.22.2 |