Description
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' .
References
ProductVendor Advisory
https://github.com/backdrop/backdrop/releases/tag/1.23.0
Release NotesThird Party Advisory
https://github.com/bypazs/CVE-2022-42097
ExploitThird Party Advisory
https://grimthereaperteam.medium.com/cve-2022-42097-backdrop-xss-at-comments-2ea536ec55e1
ExploitThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-11-22T13:15:14.280
2 years agoLast modified
2022-11-23T19:27:16.403
2 years ago