Backdrop CMS Vulnerable to XSS via SVG Document
CVE-2024-54123

Currently unrated

Key Information:

Vendor

Backdrop CMS

Vendor
CVE Published:
29 November 2024

What is CVE-2024-54123?

Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format.

References

https://backdropcms.org/security/backdrop-sa-core-2024-002

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.