Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certa

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment.' .

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.

A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbi

A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code E

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec