CVE-2019-14770
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. (This issue is mitigated by the attacker needing permissions to create administrative menu links, such as by creating a content type or layout. Such permissions are usually restricted to trusted or administrative users.)
En CMS de Backdrop versiones 1.12.x anteriores a 1.12.8 y versiones 1.13.x anteriores a 1.13.3, algunos enlaces de menú dentro de la barra de administración pueden ser diseñados para ejecutar JavaScript cuando el administrador inicia sesión y usa la funcionalidad search. (Este problema es mitigado por el atacante necesitando permisos para crear enlaces de menú administrativo, tal y como la creación de un tipo de contenido o diseño. Tales permisos están restringidos usualmente para usuarios confiables o administrativos).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-07 CVE Reserved
- 2019-08-08 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://backdropcms.org/security/backdrop-sa-core-2019-010 | 2019-08-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Backdropcms Search vendor "Backdropcms" | Backdrop Core Search vendor "Backdropcms" for product "Backdrop Core" | >= 1.12.0 < 1.12.8 Search vendor "Backdropcms" for product "Backdrop Core" and version " >= 1.12.0 < 1.12.8" | - |
Affected
| ||||||
Backdropcms Search vendor "Backdropcms" | Backdrop Core Search vendor "Backdropcms" for product "Backdrop Core" | >= 1.13.0 < 1.13.3 Search vendor "Backdropcms" for product "Backdrop Core" and version " >= 1.13.0 < 1.13.3" | - |
Affected
|