CVE-2024-41709

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-41709
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41709.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-41709
Aliases
Published
2024-07-22T06:15:02Z
Modified
2024-09-03T04:40:36.826373Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission.

References

Affected packages

Git / github.com/backdrop/backdrop

Affected ranges

Type
GIT
Repo
https://github.com/backdrop/backdrop
Events

Affected versions

1.*

1.27.0
1.27.1
1.27.2