CVE-2024-54123 — Cross-site Scripting in Backdrop CMS
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 38.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 29
Description
Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7