GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.

**Cross-site Scripting in Backdrop CMS**

Moderate severity GitHub Reviewed Published Nov 22, 2022 • Updated Nov 22, 2022