CVE-2022-42094: [CVE-2022-42094] Backdrop-XSS-at-Cards - GrimTheRipper - Medium

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the ‘Card’ content.

Enter your username and password; the account must have admin privileges.

Select Content > Add content > Card.

Enter information into the form provided and enter the XSS payload in the Body field. Choose the “Raw HTML” editor and click Save.

The XSS payload will run immediately.
