Moderate severityNVD Advisory· Published Jul 22, 2024· Updated Mar 21, 2025

CVE-2024-41709

Description

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
backdrop/backdropPackagist	< 1.27.3	1.27.3
backdrop/backdropPackagist	>= 1.28.0, < 1.28.2	1.28.2

Affected products

Backdrop CMS/Backdrop CMSdescription
ghsa-coords
pkg:composer/backdrop/backdrop
Range: < 1.27.3

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-3wmx-48g3-x66gghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-41709ghsaADVISORY
backdropcms.org/security/backdrop-sa-core-2024-001ghsaWEB
github.com/backdrop/backdrop/commit/c7ff0500705668e3f58263590812872e44059301ghsaWEB
github.com/backdrop/backdrop/commit/f1dfe710c186fb47c9d949f01f37e5ab42b44030ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000