CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-14769

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1950%
EPSS Percentile24.52th
Published2019年8月8日
Last Modified2024年11月21日

Vulnerability Description

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issue is mitigated by the attacker needing permission to create custom blocks on the site, which is typically an administrative permission.)

Affected Platforms (CPE)

📦
Backdropcms

Backdrop

>= 1.12.0 and < 1.12.8
📦
Backdropcms

Backdrop

>= 1.13.0 and < 1.13.3

References & Advisories

🔗 https://backdropcms.org/security/backdrop-sa-core-2019-011
🔗 https://backdropcms.org/security/backdrop-sa-core-2019-011

相關漏洞威脅

CVE-2019-147719.8

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the use...

CVE-2021-452688.8

A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code E...

CVE-2019-199027.2

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configu...

CVE-2019-147706.1

In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to exe...