Backdrop core - Moderately critical - Cross Site Scripting - BACKDROP-SA-CORE-2024-001
Backdrop CMS doesn't sufficiently sanitize field labels before they are displayed in certain places.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer fields".
- Backdrop Core 1.28.x versions prior to 1.28.2
- Backdrop Core 1.27.x versions prior to 1.27.3
Backdrop versions 1.26 and prior do not receive security coverage.