Stored Cross-Site Scripting Vulnerability in Backdrop CMS
CVE-2022-42096

4.8MEDIUM

Key Information:

Vendor: Backdropcms
Status: Backdrop Cms
Vendor: CVE Published:; 21 November 2022

🔔 Create Backdropcms Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2022-42096?

Backdrop CMS version 1.23.0 contains a vulnerability that allows an attacker to execute scripts stored in post content. This stored cross-site scripting (XSS) flaw can enable unauthorized access to user information, session hijacking, and the execution of malicious scripts in the context of a victim's browser, potentially leading to a compromise of sensitive data.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-42096
Created by bypazs

References

https://github.com/backdrop/backdrop/releases/tag/1.23.0

https://backdropcms.org

https://github.com/bypazs/CVE-2022-42096

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2022
Vulnerability Reserved
Oct 3, 2022
🟡
Public PoC available
Sep 27, 2022
👾
Exploit known to exist
Sep 27, 2022