Unrated severityNVD Advisory· Published Aug 8, 2019· Updated Aug 5, 2024
CVE-2019-14769
CVE-2019-14769
Description
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issue is mitigated by the attacker needing permission to create custom blocks on the site, which is typically an administrative permission.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Backdrop CMS/Backdrop CMSdescription
- Range: >=1.12.0 <1.12.8, >=1.13.0 <1.13.3
Patches
Vulnerability mechanics
References
1- backdropcms.org/security/backdrop-sa-core-2019-011mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.