Unknown · Backdrop Cms · CVE-2024-41709
**Name of the Vulnerable Software and Affected Versions**
Backdrop CMS versions 1.27.3 and earlier
Backdrop CMS versions 1.28.x before 1.28.2
**Description**
The issue arises from insufficient sanitization of field labels before they are displayed in certain places. This is mitigated by the requirement that an attacker must have a role with the `administer fields` permission.
**Recommendations**
For Backdrop CMS versions 1.27.3 and earlier, update to version 1.27.3 or later.
For Backdrop CMS versions 1.28.x before 1.28.2, update to version 1.28.2 or later.