CVE Tools

backdropcms

Web & CMS Pluginsoss-project

18

Cumulative CVEs

5

Monthly snapshots

#93

Peak rank

Top products

bootstrap 5 lite theme1 bootstrap lite theme1 link iframe formatter1

Latest CVEs

The 15 most recently published vulnerabilities affecting backdropcms.

CVE-2025-63828Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session...6.1Nov 18, 2025
CVE-2025-44141A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.6.1Jun 26, 2025
CVE-2025-46595An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module that allows flags to be added to nodes, comments, users, and any other type of entity. It doesn't ...6.4Apr 25, 2025
CVE-2025-27826An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names.6.4Mar 7, 2025
CVE-2025-27825An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class names.6.4Mar 7, 2025
CVE-2025-27824An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability...6.4Mar 7, 2025
CVE-2025-27823An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, and should prevent spambots from collecting them. The modul...6.4Mar 7, 2025
CVE-2025-27822An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin" permi...7.5Mar 7, 2025
CVE-2025-25063An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous ...4.4Feb 3, 2025
CVE-2025-25062An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allow...4.4Feb 3, 2025
CVE-2024-54123Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format.6.1Nov 29, 2024
CVE-2024-41709Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an atta...4.8Jul 22, 2024
CVE-2023-31045A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a use...4.8Apr 24, 2023
CVE-2012-10004backdrop-contrib Basic Cart basic_cart.cart.inc basic_cart_checkout_form_submit cross site scripting3.5Jan 11, 2023
CVE-2022-42095Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.4.8Nov 23, 2022