CVE-2022-42094

Опубликовано: 22 нояб. 2022

Источник: nvd

CVSS3: 4.8

EPSS Средний

Описание

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.

Ссылки

https://backdropcms.org
Vendor Advisory
https://github.com/backdrop/backdrop/releases/tag/1.23.0
Release Notes
Third Party Advisory
https://github.com/bypazs/CVE-2022-42094
Exploit
Third Party Advisory
https://grimthereaperteam.medium.com/cve-2022-42094-backdrop-xss-at-cards-84266b5250f1
Exploit
Third Party Advisory
https://backdropcms.org
Vendor Advisory
https://github.com/backdrop/backdrop/releases/tag/1.23.0
Release Notes
Third Party Advisory
https://github.com/bypazs/CVE-2022-42094
Exploit
Third Party Advisory
https://grimthereaperteam.medium.com/cve-2022-42094-backdrop-xss-at-cards-84266b5250f1
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:backdropcms:backdrop:1.23.0:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.38028

Средний

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-42094

CVSS3: 4.8

debian

около 3 лет назад

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...

GHSA-vcvg-g8p2-3hqr

CVSS3: 4.8

github

около 3 лет назад

Cross-site Scripting in Backdrop CMS

BDU:2023-08739

CVSS3: 4.8

fstec

около 3 лет назад

Уязвимость CMS-системы Backdrop CMS, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки

EPSS

Процентиль: 97%

0.38028

Средний

4.8 Medium

CVSS3

Дефекты

CWE-79