CyberSec.Space Logo
Back to CVE Browser

CVE-2019-14770

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.0370%
EPSS Percentile9.31th
PublishedAug 8, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. (This issue is mitigated by the attacker needing permissions to create administrative menu links, such as by creating a content type or layout. Such permissions are usually restricted to trusted or administrative users.)

Affected Platforms (CPE)

📦
Backdropcms

Backdrop Core

>= 1.12.0 and < 1.12.8
📦
Backdropcms

Backdrop Core

>= 1.13.0 and < 1.13.3

References & Advisories

🔗 https://backdropcms.org/security/backdrop-sa-core-2019-010
🔗 https://backdropcms.org/security/backdrop-sa-core-2019-010

Related Vulnerabilities

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...