backdrop/backdrop Security Advisories for 1.21.4 (8)
-
[MEDIUM] Backdrop CMS Host Header Injection vulnerability
PKSA-2f77-cwcx-9j4j CVE-2025-63828 GHSA-ffpg-gm3h-4p5p
Affected version: <=1.32.0
Reported by:
GitHub -
[MEDIUM] Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places
PKSA-gh8r-7gxk-12m5 CVE-2024-41709 GHSA-3wmx-48g3-x66g
Affected version: >=1.28.0,<1.28.2|<1.27.3
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in Backdrop CMS
PKSA-gcc1-ccyz-6c81 CVE-2023-31045 GHSA-3862-c622-v4fp
Affected version: <1.24.2
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in Backdrop CMS
PKSA-44g5-w41f-whj9 CVE-2022-42095 GHSA-58rj-w2qf-qjg7
Affected version: <=1.23.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in Backdrop CMS
PKSA-3671-qd5s-5n4k CVE-2022-42094 GHSA-vcvg-g8p2-3hqr
Affected version: <=1.23.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in Backdrop CMS
PKSA-wpqg-8wds-jkbv CVE-2022-42097 GHSA-g9cp-9fw3-56cf
Affected version: <=1.23.0
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in Backdrop CMS
PKSA-93f1-95kw-fzf6 CVE-2022-42096 GHSA-g8jw-8vpv-pv5q
Affected version: <=1.23.0
Reported by:
GitHub -
[HIGH] Backdrop CMS Unrestricted File Upload vulnerability
PKSA-t8p4-zqmd-ns54 CVE-2022-42092 GHSA-33c9-rppf-m7fq
Affected version: <=1.22.0
Reported by:
GitHub