Vulnerabilities in backdropcms

9 results
CVE-2025-25062 | MEDIUM | EPSS 1.6%
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content

CVE-2025-27822 | HIGH | EPSS 0.3%
An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user a

CVE-2025-71310 | LOW | EPSS 0.3%
The GDPR cookies module for Backdrop CMS (before 1.x-1.3.5) doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a mal

CVE-2025-27825 | MEDIUM | EPSS 0.2%
An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class

CVE-2025-27823 | MEDIUM | EPSS 0.2%
An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, an

CVE-2025-27824 | MEDIUM | EPSS 0.2%
An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input be

CVE-2025-27826 | MEDIUM | EPSS 0.2%
An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class na

CVE-2025-46595 | MEDIUM | EPSS 0.2%
An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module that allows flags to be added to nodes, c

CVE-2025-25063 | MEDIUM | EPSS 0.2%
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG im