PT-2018-9537 · Backdrop · Backdrop Cms

Subodh Kumar · Published 2018-12-20 · Updated 2019-01-06 · CVE-2018-1000813

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Backdrop CMS versions prior to 1.11.1

Description

The issue is a Cross-Site Scripting (XSS) vulnerability in the sanitization of custom class names used on blocks and layouts, which can result in the execution of JavaScript from an unexpected source. This can be exploited when a user is directed to an affected page while logged in.

Recommendations

For Backdrop CMS versions prior to 1.11.1, update to version 1.11.1 or later to resolve the issue.

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2018-1000813

Affected products

Backdrop Cms