Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is executed upon selecting a malicious text formatting option. NOTE: the vendor disputes the security relevance of this finding because "any administrator that can configure a text format could easily allow Full HTML anywhere."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Backdrop CMS 跨站脚本漏洞
Vulnerability Description
Backdrop CMS是一套开源的内容管理系统(CMS)。 Backdrop CMS 1.24.2之前版本存在安全漏洞。攻击者利用该漏洞通过name参数注入任意web脚本或html代码。
CVSS Information
N/A
Vulnerability Type
N/A