Known Vulnerabilities for products from Backdropcms
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Backdropcms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-54123 json | Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text form... | Not Provided | 2024-11-29 | 2026-04-06 |
| CVE-2023-31045 json | A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers t... | Not Provided | 2023-04-24 | 2026-04-06 |
| CVE-2022-42097 json | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' . | 4.8 - MEDIUM | 2022-11-22 | 2022-11-23 |
| CVE-2022-42096 json | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. | 4.8 - MEDIUM | 2022-11-21 | 2022-11-23 |
| CVE-2022-42095 json | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. | 4.8 - MEDIUM | 2022-11-23 | 2022-11-30 |
| CVE-2022-42094 json | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' conten... | 4.8 - MEDIUM | 2022-11-22 | 2022-11-23 |
| CVE-2022-42092 json | Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution. | 7.2 - HIGH | 2022-10-07 | 2022-10-09 |
| CVE-2022-34530 json | An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via pa... | 5.3 - MEDIUM | 2022-08-01 | 2022-08-08 |
| CVE-2022-24590 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-02-15 | 2022-02-22 |
| CVE-2021-45268 json | ** DISPUTED ** A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers t... | 8.8 - HIGH | 2022-02-03 | 2023-11-07 |
| CVE-2019-19903 json | An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying file type... | 4.8 - MEDIUM | 2019-12-19 | 2019-12-27 |
| CVE-2019-19902 json | An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site co... | 7.2 - HIGH | 2019-12-19 | 2021-07-21 |
| CVE-2019-19901 json | An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output ... | 4.8 - MEDIUM | 2019-12-19 | 2019-12-27 |
| CVE-2019-19900 json | An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output ... | 4.8 - MEDIUM | 2019-12-19 | 2019-12-27 |
| CVE-2019-14771 json | Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through th... | 9.8 - CRITICAL | 2019-08-08 | 2019-08-19 |
| CVE-2019-14770 json | In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted t... | 6.1 - MEDIUM | 2019-08-08 | 2019-08-16 |
| CVE-2019-14769 json | Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block l... | 6.1 - MEDIUM | 2019-08-08 | 2019-08-15 |
| CVE-2019-11358 json | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of ... | 6.1 - MEDIUM | 2019-04-20 | 2023-11-07 |
| CVE-2018-1000813 json | Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class n... | 4.8 - MEDIUM | 2018-12-20 | 2019-01-06 |
| CVE-2012-10004 json | A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It has been classified as problematic. Affected is the fu... | 6.1 - MEDIUM | 2023-01-11 | 2023-11-07 |
Known software with vulnerabilities from Backdropcms
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Backdropcms | Backdrop | 1.0.0 |
| Application | Backdropcms | Backdrop Cms | 1.0.0 |