Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
backdropcms vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2019-19903
An issue exists in Backdrop CMS 1.14.x prior to 1.14.2. It doesn't sufficiently filter output when displaying file type descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute scripting when vi...
Backdropcms Backdrop Cms
NA
CVE-2022-42094
Backdrop CMS version 1.23.0 exists to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.
Backdropcms Backdrop 1.23.0
NA
CVE-2022-42097
Backdrop CMS version 1.23.0 exists to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' .
Backdropcms Backdrop 1.23.0
NA
CVE-2022-34530
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows malicious users to enumerate usernames via password reset requests and distinct responses returned based on usernames.
Backdropcms Backdrop Cms
3.5
CVSSv2
CVE-2022-24590
A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows malicious users to execute arbitrary web scripts or HTML.
Backdropcms Backdrop 1.21.1
NA
CVE-2022-42092
Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows malicious users to Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required.
Backdropcms Backdrop Cms 1.22.0
NA
CVE-2022-42095
Backdrop CMS version 1.23.0 exists to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
Backdropcms Backdrop Cms 1.23.0
NA
CVE-2022-42096
Backdrop CMS version 1.23.0 exists to contain a stored cross-site scripting (XSS) vulnerability via Post content.
Backdropcms Backdrop Cms 1.23.0
4.3
CVSSv2
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
163 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2