PT-2018-9537 · Backdrop · Backdrop CMS

Subodh Kumar · Published 2018-12-20 · Updated 2019-01-06 · CVE-2018-1000813

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Backdrop CMS versions prior to 1.11.1

Description

A Cross-Site Scripting (XSS) vulnerability exists in the sanitization of custom class names used on blocks and layouts, which can result in the execution of JavaScript from an unexpected source. It can be exploited when a user is directed to an affected page while logged in.

Recommendations

For Backdrop CMS versions prior to 1.11.1, update to version 1.11.1 or later to resolve the issue.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-1000813

Affected Products

Backdrop CMS