Lucene search

MitreCVE-2024-41709

HistoryJul 22, 2024 - 6:15 a.m.

CVE-2024-41709

2024-07-2206:15:02

CWE-79

mitre

web.nvd.nist.gov

backdrop cms

vulnerability

field labels

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

Low

EPSS

Percentile

14.5%

JSON

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the “administer fields” permission.

Affected configurations

Nvd

Node

backdropcmsbackdropRange1.27.0–1.27.3

backdropcmsbackdropRange1.28.0–1.28.2

VendorProductVersionCPE
backdropcmsbackdrop*cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
backdropcms	backdrop	*	cpe:2.3:a:backdropcms:backdrop::::::::

References

backdropcms.org/security/backdrop-sa-core-2024-001