Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission.
References
Link | Resource |
---|---|
https://backdropcms.org/security/backdrop-sa-core-2024-001 | Vendor Advisory |
https://backdropcms.org/security/backdrop-sa-core-2024-001 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://backdropcms.org/security/backdrop-sa-core-2024-001 - Vendor Advisory |
25 Jul 2024, 15:22
Type | Values Removed | Values Added |
---|---|---|
First Time |
Backdropcms
Backdropcms backdrop |
|
CPE | cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
CWE | CWE-79 | |
References | () https://backdropcms.org/security/backdrop-sa-core-2024-001 - Vendor Advisory |
22 Jul 2024, 13:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
22 Jul 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-22 06:15
Updated : 2024-11-21 09:33
NVD link : CVE-2024-41709
Mitre link : CVE-2024-41709
CVE.ORG link : CVE-2024-41709
JSON object : View
Products Affected
backdropcms
- backdrop
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')