MidnightBSD

Advisories for backdropcms

CVE-2012-10004 MEDIUM

A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.x-1.1.1 is able to address this issue. The patch is identified as a10424ccd4b3b4b433cf33b73c1ad608b11890b4. It is recommended to upgrade the affected component. VDB-217950 is the identifier assigned to this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
backdropcms basic_cart *
CVE-2018-1000813 LOW

Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class names used on blocks and layouts. that can result in Execution of JavaScript from an unexpected source.. This attack appear to be exploitable via A user must be directed to an affected page while logged in.. This vulnerability appears to have been fixed in 1.11.1 and later.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
backdropcms backdrop_cms *
CVE-2019-11358 MEDIUM

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1321,

Products Affected

Vendor Product Version
oracle tape_library_acsls 8.5
oracle communications_analytics 12.1.1
oracle insurance_performance_insight 8.0.7
oracle policy_automation_connector_for_siebel 10.4.6
oracle communications_diameter_signaling_router 8.1
oracle financial_services_market_risk_measurement_and_management 8.0.6
oracle jd_edwards_enterpriseone_tools 9.2
oracle banking_digital_experience 18.1
oracle financial_services_liquidity_risk_measurement_and_management 8.1.0
oracle identity_manager 12.2.1.3.0
oracle application_testing_suite 12.5.0.3
oracle financial_services_profitability_management 8.1.0
oracle weblogic_server 12.2.1.3.0
redhat cloudforms 4.7
oracle agile_product_lifecycle_management_for_process 6.1
oracle communications_operations_monitor 4.0
oracle communications_unified_inventory_management 7.3
oracle peoplesoft_enterprise_peopletools 8.56
opensuse backports_sle 15.0
oracle retail_returns_management 14.0
oracle fusion_middleware_mapviewer 12.2.1.3.0
oracle banking_digital_experience 18.3
oracle communications_billing_and_revenue_management 7.5
oracle hospitality_guest_access 4.2.0
oracle financial_services_enterprise_financial_performance_analytics 8.0.6
oracle financial_services_data_governance_for_us_regulatory_reporting *
oracle communications_eagle_application_processor *
oracle financial_services_revenue_management_and_billing 2.4.0.0
oracle healthcare_foundation 7.1.1
oracle healthcare_foundation 7.2.2
oracle transportation_management 1.4.3
oracle retail_customer_management_and_segmentation_foundation 19.0
oracle hospitality_simphony 18.1
oracle weblogic_server 10.3.6.0.0
oracle hospitality_simphony *
oracle weblogic_server 12.2.1.4.0
oracle insurance_insbridge_rating_and_underwriting 5.6.1.0
oracle communications_billing_and_revenue_management 12.0
oracle enterprise_manager_ops_center 12.4.0.0
opensuse leap 15.1
netapp oncommand_system_manager *
oracle insurance_ifrs_17_analyzer 8.0.7
oracle communications_diameter_signaling_router 8.2.1
oracle policy_automation 12.1.1
oracle communications_diameter_signaling_router 8.0.0
oracle retail_returns_management 14.1
oracle communications_session_report_manager 8.2.0
oracle financial_services_liquidity_risk_management 8.0.4.0.0
oracle jdeveloper 12.2.1.3.0
fedoraproject fedora 30
oracle healthcare_translational_research 3.3.1
oracle retail_central_office 14.0
oracle financial_services_regulatory_reporting_for_us_federal_reserve *
oracle banking_enterprise_collections *
oracle big_data_discovery 1.6
oracle financial_services_analytical_applications_reconciliation_framework 8.1.0
oracle financial_services_basel_regulatory_capital_basic *
netapp snapcenter -
oracle banking_digital_experience 18.2
oracle storagetek_tape_analytics_sw_tool 2.3.0
debian debian_linux 10.0
oracle healthcare_translational_research 3.2.1
oracle banking_digital_experience 19.1
oracle financial_services_balance_sheet_planning 8.0.8
oracle retail_point-of-service 14.0
oracle financial_services_market_risk_measurement_and_management 8.0.8
oracle financial_services_data_foundation *
oracle retail_customer_management_and_segmentation_foundation 18.0
oracle enterprise_session_border_controller 8.4
redhat virtualization_manager 4.3
oracle communications_session_report_manager 8.2.1
oracle jdeveloper_and_adf 12.2.1.3.0
oracle healthcare_translational_research 3.1.0
oracle financial_services_retail_performance_analytics 8.0.6
oracle healthcare_foundation 7.2.0
oracle peoplesoft_enterprise_peopletools 8.58
oracle policy_automation_for_mobile_devices *
oracle financial_services_regulatory_reporting_for_de_nederlandsche_bank 8.0.4
oracle application_service_level_management 13.2.0.0
oracle policy_automation 12.1.0
oracle jdeveloper 11.1.1.9.0
oracle banking_digital_experience 19.2
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_analytical_applications_reconciliation_framework *
oracle primavera_unifier *
oracle insurance_allocation_manager_for_enterprise_profitability 8.1.0
oracle utilities_mobile_workforce_management *
oracle knowledge *
debian debian_linux 9.0
oracle retail_central_office 14.1
oracle financial_services_liquidity_risk_measurement_and_management 8.0.8
oracle communications_unified_inventory_management 7.4.0
oracle hospitality_materials_control 18.1
oracle agile_product_lifecycle_management_for_process 6.2.0.0
oracle financial_services_liquidity_risk_management 8.0.0.1.0
oracle application_express *
oracle application_testing_suite 13.2
oracle financial_services_retail_performance_analytics 8.0.7
fedoraproject fedora 28
oracle jdeveloper_and_adf 11.1.1.9.0
oracle hospitality_guest_access 4.2.1
oracle insurance_ifrs_17_analyzer 8.0.6
oracle tape_library_acsls 8.5.1
backdropcms backdrop *
oracle communications_session_report_manager 8.1.1
oracle communications_session_route_manager 8.1.1
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle financial_services_asset_liability_management *
oracle real-time_scheduler *
oracle communications_session_route_manager 8.2.1
oracle business_process_management_suite 12.2.1.3.0
oracle healthcare_foundation 7.3.0
oracle communications_operations_monitor *
oracle financial_services_liquidity_risk_measurement_and_management 8.0.7
oracle siebel_mobile_applications *
oracle communications_services_gatekeeper 7.0
oracle financial_services_basel_regulatory_capital_internal_ratings_based_approach 8.1.0
debian debian_linux 8.0
oracle financial_services_data_integration_hub *
jquery jquery *
oracle bi_publisher 12.2.1.4.0
oracle financial_services_market_risk_measurement_and_management 8.0.5
oracle banking_platform *
oracle financial_services_regulatory_reporting_for_european_banking_authority 8.0.6
oracle primavera_unifier 16.1
oracle communications_billing_and_revenue_management 7.5.0.23.0
oracle application_testing_suite 13.2.0.1
oracle financial_services_loan_loss_forecasting_and_provisioning *
oracle rest_data_services 18c
juniper junos 21.2
oracle retail_point-of-service 14.1
oracle retail_customer_insights 15.0
oracle financial_services_data_integration_hub 8.1.0
oracle jdeveloper_and_adf 12.1.3.0.0
oracle bi_publisher 5.5.0.0.0
oracle weblogic_server 14.1.1.0.0
oracle healthcare_translational_research 3.4.0
oracle financial_services_basel_regulatory_capital_basic 8.1.0
oracle insurance_accounting_analyzer 8.0.9
oracle communications_element_manager 8.1.1
oracle application_service_level_management 13.3.0.0
oracle financial_services_liquidity_risk_management 8.0.6
oracle banking_digital_experience 20.1
oracle weblogic_server 12.1.3.0.0
oracle webcenter_sites 12.2.1.3.0
oracle financial_services_asset_liability_management 8.1.0
oracle service_bus 12.1.3.0.0
oracle financial_services_hedge_management_and_ifrs_valuations 8.1.0
oracle peoplesoft_enterprise_peopletools 8.57
oracle policy_automation *
oracle business_process_management_suite 12.2.1.4.0
joomla joomla! *
oracle peoplesoft_enterprise_peopletools 8.55
oracle communications_operations_monitor 4.1.0
drupal drupal *
oracle financial_services_profitability_management *
oracle retail_customer_insights 16.0
oracle rest_data_services 19c
oracle service_bus 11.1.1.9.0
oracle retail_back_office 14.1
oracle primavera_gateway *
oracle financial_services_liquidity_risk_management 8.0.2
oracle communications_element_manager 8.2.0
oracle insurance_data_foundation *
oracle primavera_gateway 15.2.18
oracle siebel_ui_framework 20.8
oracle communications_diameter_signaling_router 8.2
oracle financial_services_retail_customer_analytics *
oracle jdeveloper 12.2.1.4.0
oracle diagnostic_assistant 2.12.36
oracle policy_automation 10.4.7
oracle service_bus 12.2.1.3.0
oracle system_utilities 19.1
oracle insurance_insbridge_rating_and_underwriting *
oracle bi_publisher 12.2.1.3.0
oracle financial_services_price_creation_and_discovery *
oracle financial_services_liquidity_risk_management 8.0.5.0.0
oracle agile_product_lifecycle_management_for_process 6.2.1.0
oracle insurance_allocation_manager_for_enterprise_profitability 8.0.8
oracle communications_operations_monitor 3.4
oracle financial_services_enterprise_financial_performance_analytics 8.0.7
oracle rest_data_services 12.2.0.1
oracle communications_application_session_controller 3.8m0
oracle financial_services_loan_loss_forecasting_and_provisioning 8.1.0
oracle enterprise_manager_ops_center 12.4.0
oracle agile_product_lifecycle_management_for_process 6.2.2.0
fedoraproject fedora 29
oracle financial_services_basel_regulatory_capital_internal_ratings_based_approach *
oracle primavera_unifier 16.2
oracle communications_element_manager 8.2.1
oracle application_testing_suite 13.3.0.1
oracle financial_services_institutional_performance_analytics *
oracle communications_webrtc_session_controller 7.2
oracle financial_services_funds_transfer_pricing *
oracle primavera_unifier 18.8
oracle communications_interactive_session_recorder *
oracle financial_services_funds_transfer_pricing 8.1.0
oracle healthcare_translational_research 3.3.2
oracle application_testing_suite 13.3
oracle financial_services_hedge_management_and_ifrs_valuations *
oracle communications_session_route_manager 8.2.0
oracle financial_services_institutional_performance_analytics 8.1.0
oracle application_testing_suite 13.1.0.1
oracle retail_back_office 14.0
oracle hospitality_simphony 18.2
oracle rest_data_services 11.2.0.4
oracle financial_services_regulatory_reporting_for_european_banking_authority 8.0.7
oracle agile_product_lifecycle_management_for_process 6.2.3.0
oracle enterprise_manager_ops_center 12.3.3
oracle rest_data_services 12.1.0.2
oracle financial_services_revenue_management_and_billing 2.4.0.1
CVE-2019-14769 MEDIUM

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issue is mitigated by the attacker needing permission to create custom blocks on the site, which is typically an administrative permission.)

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
backdropcms backdrop *
CVE-2019-14770 MEDIUM

In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. (This issue is mitigated by the attacker needing permissions to create administrative menu links, such as by creating a content type or layout. Such permissions are usually restricted to trusted or administrative users.)

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
backdropcms backdrop_core *
CVE-2019-14771 HIGH

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the server. (This attack is mitigated by the attacker needing the "Synchronize, import, and export configuration" permission, a permission that only trusted administrators should be given. Other preventative measures in Backdrop CMS prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.) Note: This has been disputed by multiple 3rd parties due to advanced permissions that are needed to exploit.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
backdropcms backdrop_cms *
CVE-2019-19900 LOW

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying content type names in the content creation interface. An attacker could potentially craft a specialized content type name, then have an editor execute scripting when creating content, aka XSS. This vulnerability is mitigated by the fact that an attacker must have a role with the "Administer content types" permission.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
backdropcms backdrop_cms *
CVE-2019-19901 LOW

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying certain block descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute scripting when configuring a layout, aka XSS. This issue is mitigated by the fact that the attacker would be required to have the permission to create custom blocks, which is typically an administrative task.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
backdropcms backdrop_cms *
CVE-2019-19902 MEDIUM

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, allowing non-configuration scripts to potentially be uploaded to the server. This issue is mitigated by the fact that the attacker would be required to have the "Synchronize, import, and export configuration" permission, a permission that only trusted administrators should be given. Other measures in the product prevent the execution of PHP scripts, so another server-side scripting language must be accessible on the server to execute code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
backdropcms backdrop_cms *
CVE-2019-19903 LOW

An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying file type descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute scripting when viewing the list of file types, aka XSS. This vulnerability is mitigated by the fact that an attacker must have a role with the "Administer file types" permission.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
backdropcms backdrop_cms *
CVE-2021-45268 MEDIUM

A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
backdropcms backdrop 1.20.0
CVE-2022-24590 LOW

A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
backdropcms backdrop 1.21.1
CVE-2022-34530

An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
backdropcms backdrop_cms *
CVE-2022-42092

Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
backdropcms backdrop_cms 1.22.0
CVE-2022-42094

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.

Products Affected

Vendor Product Version
backdropcms backdrop 1.23.0
CVE-2022-42095

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.

Products Affected

Vendor Product Version
backdropcms backdrop_cms 1.23.0
CVE-2022-42096

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.

Products Affected

Vendor Product Version
backdropcms backdrop_cms 1.23.0
CVE-2022-42097

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' .

Products Affected

Vendor Product Version
backdropcms backdrop 1.23.0
CVE-2023-31045

A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is executed upon selecting a malicious text formatting option. NOTE: the vendor disputes the security relevance of this finding because "any administrator that can configure a text format could easily allow Full HTML anywhere."

Products Affected

Vendor Product Version
backdropcms backdrop *
CVE-2024-41709

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission.

Products Affected

Vendor Product Version
backdropcms backdrop *
CVE-2024-54123

Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
backdropcms backdrop *
CVE-2025-25062

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an administrator attempts to edit a piece of content. This vulnerability is mitigated by the fact that an attacker must have the ability to create long text content (such as through the node or comment forms) and an administrator must edit (not view) the content that contains the malicious content. This problem only exists when using the CKEditor 5 module.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N 1.3 2.7

Products Affected

Vendor Product Version
backdropcms backdrop_cms *
CVE-2025-25063

An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, it is possible to execute scripting in the browser when an SVG image is viewed. This issue is mitigated by the attacker needing to be able to upload SVG images, and that Backdrop embeds all uploaded SVG images within <img> tags, which prevents scripting from executing. The SVG must be viewed directly by its URL in order to run any embedded scripting.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N 1.3 2.7

Products Affected

Vendor Product Version
backdropcms backdrop_cms *
CVE-2025-44141

A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
backdropcms backdrop 1.3.0
backdropcms backdrop_cms 1.30.1
CVE-2025-63828

Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.

Products Affected

Vendor Product Version
backdropcms backdrop_cms 1.32.1