CVE-2019-14769
CVE-2019-14769 is a vulnerability of currently unknown severity. Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. EPSS estimates a 0.85% chance of exploitation in the next 30 days.
Description
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issue is mitigated by the attacker needing permission to create custom blocks on the site, which is typically an administrative permission.)
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Backdropcms | Backdrop | >= 1.12.0, < 1.12.8 |
| Backdropcms | Backdrop | >= 1.13.0, < 1.13.3 |
References
- https://backdropcms.org/security/backdrop-sa-core-2019-011 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
