PT-2022-7183 · Unknown · Backdrop Cms
Grim The Ripper Team
·
Published
2022-11-22
·
Updated
2025-04-29
·
CVE-2022-42094
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:M/C:C/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Backdrop CMS version 1.23.0
Description
The issue is related to the lack of protection for the web page structure in Backdrop CMS, which can be exploited by a remote attacker to conduct cross-site scripting (XSS) attacks. Specifically, the vulnerability is a stored XSS via the
Card content.Recommendations
For Backdrop CMS version 1.23.0, consider disabling the
Card content feature until a patch is available to prevent exploitation of the stored XSS vulnerability.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Backdrop Cms