PT-2022-7178 · Unknown · Backdrop CMS

Grim The Ripper Team · Published 2022-11-22 · Updated 2025-04-28 · CVE-2022-42095

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Backdrop CMS version 1.23.0

Description

Backdrop CMS does not adequately protect the structure of generated web pages, which a remote attacker can exploit to conduct cross-site scripting (XSS) attacks. Specifically, this is a stored XSS vulnerability that can be triggered via the Page content.

Recommendations

For Backdrop CMS version 1.23.0, update to a version that includes a fix for this issue to prevent stored cross-site scripting attacks. As a temporary workaround, consider restricting access to the Page content feature until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-08732
CVE-2022-42095
GHSA-58RJ-W2QF-QJG7

Affected Products

Backdrop CMS