Home > Vulnerability Database > CVE-2024-41709

Mend.io Vulnerability Database

CVE-2024-41709

Date: July 21, 2024

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission.

Language: PHP

Severity Score

6.1

Related Resources (6)

Url: https://backdropcms.org/security/backdrop-sa-core-2024-001

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-41709

Url: https://github.com/backdrop/backdrop/commit/c7ff0500705668e3f58263590812872e44059301

Url: https://github.com/backdrop/backdrop/commit/f1dfe710c186fb47c9d949f01f37e5ab42b44030

Url: https://github.com/backdrop-ops/backdrop-composer

Url: https://www.mend.io/vulnerability-database/CVE-2024-41709

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-41709

Date: July 21, 2024

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?