Lucene search

GitHub Advisory DatabaseGHSA-58RJ-W2QF-QJG7

HistoryNov 23, 2022 - 3:30 a.m.

Cross-site Scripting in Backdrop CMS

2022-11-2303:30:22

CWE-79

GitHub Advisory Database

github.com

backdrop cms

version 1.23.0

xss

vulnerability

page content

software

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.005

Percentile

77.3%

JSON

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.

Affected configurations

Vulners

Node

backdropbackdropRange≤1.23.0

VendorProductVersionCPE
backdropbackdrop*cpe:2.3:a:backdrop:backdrop:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
backdrop	backdrop	*	cpe:2.3:a:backdrop:backdrop::::::::

References

backdropcms.org

github.com/advisories/GHSA-58rj-w2qf-qjg7

github.com/backdrop/backdrop/releases/tag/1.23.0

github.com/bypazs/CVE-2022-42095

github.com/bypazs/Declined_backdrop-XSS-at-pAGES

grimthereaperteam.medium.com/declined-backdrop-xss-at-pages-26e5d63686bc

nvd.nist.gov/vuln/detail/CVE-2022-42095