Lucene search
HistoryJul 22, 2024 - 6:15 a.m.
CVE-2024-41709
cve-2024-41709
backdrop cms
sanitization vulnerability
administer fields permission
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
14.5%
Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the “administer fields” permission.
Affected configurations
Node
backdropcmsbackdropRange1.27.0–1.27.3
ORbackdropcmsbackdropRange1.28.0–1.28.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| backdropcms | backdrop | * | cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* |
Related
vulnrichment
vulnrichment
CVE-2024-41709
2024-07-22 00:00:00
cvelist
cvelist
CVE-2024-41709
2024-07-22 00:00:00
osv
osv
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places
2024-07-22 06:31:08
CVE-2024-41709
2024-07-22 06:15:02
cve
cve
CVE-2024-41709
2024-07-22 06:15:02
github
github
CVSS3
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
14.5%
Related for NVD:CVE-2024-41709