Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class names used on blocks and layouts. that can result in Execution of JavaScript from an unexpected source.. This attack appear to be exploitable via A user must be directed to an affected page while logged in.. This vulnerability appears to have been fixed in 1.11.1 and later.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-12-20T15:00:00Z

Updated: 2024-09-17T00:02:13.077Z

Reserved: 2018-12-20T00:00:00Z

Link: CVE-2018-1000813

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-12-20T15:29:00.440

Modified: 2024-11-21T03:40:24.687

Link: CVE-2018-1000813

cve-icon Redhat

No data.