CVE-2022-42096
Published 2022-11-21
CVE-2022-42096: Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.
Priority P4 · 26 · medium · 4.8 · CVSS 3.1
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.96% (77.8th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| backdrop | backdrop | 0 – 1.23.0 | — |
| backdropcms | backdrop_cms | — | — |
OSV
Cross-site Scripting in Backdrop CMS
osv·2022-11-21
CVE-2022-42096 [MEDIUM] Cross-site Scripting in Backdrop CMS
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. The account must have admin privileges.
GHSA
Cross-site Scripting in Backdrop CMS
ghsa·2022-11-21
CVE-2022-42096 [MEDIUM] CWE-79 Cross-site Scripting in Backdrop CMS
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. The account must have admin privileges.
No detection rules found.
Nuclei
Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)
nuclei·CVSS 4.8
CVE-2022-42096 [MEDIUM] Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.
Template:
```yaml
id: CVE-2022-42096

info:
  name: Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)
  author: theamanrawat
  severity: medium
  description: |
    Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.
  impact: |
    Authenticated attackers with content creation privileges can inject malicious JavaScript through post content to steal administrator session cookies and credentials when the malicious content is viewed.
  remediation: |
    Upgrade to a patched version of Backdrop CMS or apply the necessary security patches provided by the vendor.
  r
```
No writeups or analysis indexed.
References:
https://backdropcms.org
https://github.com/backdrop/backdrop/releases/tag/1.23.0
https://github.com/bypazs/CVE-2022-42096
https://grimthereaperteam.medium.com/cve-2022-42096-backdrop-xss-at-posts-437c305036e2
Published: 2022-11-21