CVE-2022-42096

Опубликовано: 21 нояб. 2022

Источник: nvd

CVSS3: 4.8

EPSS Средний

Описание

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.

Ссылки

https://backdropcms.org
Product
https://github.com/backdrop/backdrop/releases/tag/1.23.0
Release Notes
Third Party Advisory
https://github.com/bypazs/CVE-2022-42096
Exploit
Third Party Advisory
https://grimthereaperteam.medium.com/cve-2022-42096-backdrop-xss-at-posts-437c305036e2
Exploit
Third Party Advisory
https://backdropcms.org
Product
https://github.com/backdrop/backdrop/releases/tag/1.23.0
Release Notes
Third Party Advisory
https://github.com/bypazs/CVE-2022-42096
Exploit
Third Party Advisory
https://grimthereaperteam.medium.com/cve-2022-42096-backdrop-xss-at-posts-437c305036e2
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:backdropcms:backdrop_cms:1.23.0:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.21351

Средний

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-42096

CVSS3: 4.8

debian

около 3 лет назад

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...

GHSA-g8jw-8vpv-pv5q

CVSS3: 4.8

github

около 3 лет назад

Cross-site Scripting in Backdrop CMS

BDU:2023-07500

CVSS3: 4.8

fstec

больше 3 лет назад

Уязвимость CMS-системы Backdrop CMS, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки

EPSS

Процентиль: 96%

0.21351

Средний

4.8 Medium

CVSS3

Дефекты

CWE-79