Cross Site Scripting Vulnerability in Backdrop CMS by Backdrop
CVE-2018-1000813

4.8MEDIUM

Key Information:

Vendor: Backdropcms
Status: Backdrop Cms
Vendor: CVE Published:; 20 December 2018

🔔 Create Backdropcms Vulnerability Alert

What is CVE-2018-1000813?

Backdrop CMS versions 1.11.0 and earlier are susceptible to a Cross Site Scripting (XSS) vulnerability due to improper sanitization of custom class names in blocks and layouts. This flaw allows an attacker to execute JavaScript from an untrusted source if a user is directed to a maliciously crafted page while logged in. The vulnerability has been addressed in version 1.11.1 and later, enhancing the security posture against such threats.

References

https://backdropcms.org/security/backdrop-sa-core-2018-005

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2018
Vulnerability Reserved
Oct 11, 2018