CVE-2024-41709
July 22, 2024, 1 p.m.
Tags
Product(s) Impacted
Backdrop CMS
- before 1.27.3
- 1.28.x before 1.28.2
Description
Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission.
Weaknesses
Date
Published: July 22, 2024, 6:15 a.m.
Last Modified: July 22, 2024, 1 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@mitre.org
References
https://backdropcms.org/
cve@mitre.org