Known Vulnerabilities for Backdrop by Backdropcms
Listed below are 6 of the newest known vulnerabilities associated with "Backdrop" by "Backdropcms".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45430 json | The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authori... | Not Provided | 2026-05-12 | 2026-05-12 |
| CVE-2025-71310 json | The GDPR cookies module for Backdrop CMS (before 1.x-1.3.5) doesn't sufficiently protect visitors from Cross Site Scripting... | Not Provided | 2026-05-26 | 2026-05-26 |
| CVE-2025-44141 json | A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30. | Not Provided | 2025-06-26 | 2026-07-05 |
| CVE-2022-42097 json | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . | 4.8 - MEDIUM | 2022-11-22 | 2022-11-23 |
| CVE-2022-42094 json | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' conten... | 4.8 - MEDIUM | 2022-11-22 | 2022-11-23 |
| CVE-2022-34530 json | An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via pa... | 4.8 - MEDIUM | 2022-08-01 | 2026-07-09 |
| CVE-2022-24590 json | A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute... | 5.4 - MEDIUM | 2022-02-15 | 2022-02-22 |
| CVE-2021-45268 json | ** DISPUTED ** A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers t... | 8.8 - HIGH | 2022-02-03 | 2023-11-07 |
| CVE-2019-14769 json | Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block l... | 6.1 - MEDIUM | 2019-08-08 | 2019-08-15 |
| CVE-2019-11358 json | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of ... | 6.1 - MEDIUM | 2019-04-20 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Backdropcms | Backdrop | 1.9.6 | |||
| Application | Backdropcms | Backdrop | 1.9.5 | |||
| Application | Backdropcms | Backdrop | 1.9.4 | |||
| Application | Backdropcms | Backdrop | 1.9.3 | |||
| Application | Backdropcms | Backdrop | 1.9.2 | |||
| Application | Backdropcms | Backdrop | 1.9.1 | |||
| Application | Backdropcms | Backdrop | 1.9.0 | |||
| Application | Backdropcms | Backdrop | 1.8.4 | |||
| Application | Backdropcms | Backdrop | 1.8.3 | |||
| Application | Backdropcms | Backdrop | 1.8.2 | |||
| Application | Backdropcms | Backdrop | 1.8.1 | |||
| Application | Backdropcms | Backdrop | 1.8.0 | |||
| Application | Backdropcms | Backdrop | 1.7.4 | |||
| Application | Backdropcms | Backdrop | 1.7.3 | |||
| Application | Backdropcms | Backdrop | 1.7.2 | |||
| Application | Backdropcms | Backdrop | 1.7.1 | |||
| Application | Backdropcms | Backdrop | 1.7.0 | |||
| Application | Backdropcms | Backdrop | 1.6.4 | |||
| Application | Backdropcms | Backdrop | 1.6.3 | |||
| Application | Backdropcms | Backdrop | 1.6.2 |