Xela

**Name of the Vulnerable Software and Affected Versions** Backdrop CMS versions 1.27.3 and earlier Backdrop CMS versions 1.28.x before 1.28.2 **Description** The issue arises from insufficient sanitization of field labels before they are displayed in certain places. This is mitigated by the requirement that an attacker must have a role with the `administer fields` permission. **Recommendations** For Backdrop CMS versions 1.27.3 and earlier, update to version 1.27.3 or later. For Backdrop CMS versions 1.28.x before 1.28.2, update to version 1.28.2 or later.