Abhijeet Kumar

**Name of the Vulnerable Software and Affected Versions** Backdrop CMS versions 1.12.x through 1.12.7 Backdrop CMS versions 1.13.x through 1.13.2 **Description** The issue allows some menu links within the administration bar to be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. This is mitigated by the requirement for the attacker to have permissions to create administrative menu links, typically restricted to trusted or administrative users. **Recommendations** For Backdrop CMS versions 1.12.x through 1.12.7, update to version 1.12.8 or later. For Backdrop CMS versions 1.13.x through 1.13.2, update to version 1.13.3 or later.