[MEDIUM] Backdrop CMS Host Header Injection vulnerability

PKSA-2f77-cwcx-9j4j CVE-2025-63828 GHSA-ffpg-gm3h-4p5p

Affected version: <=1.32.0

Reported by:
GitHub

[MEDIUM] Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places

PKSA-gh8r-7gxk-12m5 CVE-2024-41709 GHSA-3wmx-48g3-x66g

Affected version: >=1.28.0,<1.28.2|<1.27.3

Reported by:
GitHub