Backdropcms Backdrop Cms — known CVE vulnerabilities
Every CVE whose affected-product data names Backdropcms Backdrop Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2019-14771 — CVSS 9.8 (critical): Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user…
CVE-2019-19902 — CVSS 7.2 (high): An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It allows the upload of entire-site configuration…
CVE-2022-42092 — CVSS 7.2 (high): Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution. Note: Third…
CVE-2024-54123 — CVSS 6.1 (medium): Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format.
CVE-2025-63828 — CVSS 6.1 (medium): Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests…
CVE-2022-34530 — CVSS 5.3 (medium): An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset…
CVE-2022-42095 — CVSS 4.8 (medium): Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
CVE-2019-19900 — CVSS 4.8 (medium): An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when…
CVE-2019-19901 — CVSS 4.8 (medium): An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when…
CVE-2019-19903 — CVSS 4.8 (medium): An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying file type descriptions…
CVE-2018-1000813 — CVSS 4.8 (medium): Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class names used on…
CVE-2022-42096 — CVSS 4.8 (medium): Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.
CVE-2023-31045 — CVSS 4.8 (medium): A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject…
CVE-2025-25063 — CVSS 4.4 (medium): An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG…
CVE-2025-25062 — CVSS 4.4 (medium): An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text…