Backdrop core - Moderately Critical - Cross Site Scripting - SA-CORE-2018-005
Backdrop CMS doesn't sufficiently protect against XSS when allowing administrative users to define custom classes for blocks and regions. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer Layouts".
- Backdrop Core 1.x.x versions prior to 1.11.1