Unrated severityNVD Advisory· Published Aug 8, 2019· Updated Aug 5, 2024
CVE-2019-14770
CVE-2019-14770
Description
In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. (This issue is mitigated by the attacker needing permissions to create administrative menu links, such as by creating a content type or layout. Such permissions are usually restricted to trusted or administrative users.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Backdrop CMS/Backdrop CMSdescription
- Range: >=1.12.0, <1.12.8 || >=1.13.0, <1.13.3
Patches
Vulnerability mechanics
References
1- backdropcms.org/security/backdrop-sa-core-2019-010mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.