CVE-2019-14769

Name of the Vulnerable Software and Affected Versions Backdrop CMS versions 1.12.x through 1.12.7 Backdrop CMS versions 1.13.x through 1.13.2

Description The issue arises from insufficient filtering of output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label and have an administrator execute scripting when administering a layout. This issue is mitigated by the requirement for the attacker to have permission to create custom blocks on the site, which is typically an administrative permission.

Recommendations For Backdrop CMS versions 1.12.x through 1.12.7, update to version 1.12.8 or later. For Backdrop CMS versions 1.13.x through 1.13.2, update to version 1.13.3 or later.