mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 05:28:59 +00:00
24 lines
1.0 KiB
JSON
24 lines
1.0 KiB
JSON
{
|
|
"id": "CVE-2023-31045",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2023-04-24T08:15:07.257",
|
|
"lastModified": "2023-04-24T13:01:43.960",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "** DISPUTED ** A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is executed upon selecting a malicious text formatting option. NOTE: the vendor disputes the security relevance of this finding because \"any administrator that can configure a text format could easily allow Full HTML anywhere.\""
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/backdrop/backdrop-issues/issues/6065",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/backdrop/backdrop/releases/tag/1.24.2",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |