CVE-2024-54123

Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions prior to 1.28.4 Backdrop CMS versions 1.29.x prior to 1.29.2

Description: The issue allows for Cross Site Scripting (XSS) via an SVG document, if the SVG tag is allowed for a text format. This occurs in Backdrop CMS when an SVG document is used.

Recommendations: For versions prior to 1.28.4, update to version 1.28.4 or later. For versions 1.29.x prior to 1.29.2, update to version 1.29.2 or later. As a temporary workaround, consider disabling the use of SVG tags for text formats until a patch is available.