- Backdrop Core 1.21.x versions prior to 1.21.3
- Backdrop Core 1.20.x versions prior to 1.20.6
Backdrop versions 1.19 and prior do not receive security coverage.
Backdrop CMS doesn't sufficiently sanitize certain interface text when adding links to existing content.
This vulnerability is mitigated by the fact that an attacker must have a role with permission to create content (nodes), files, user accounts, taxonomy terms, views, or layouts.
- This issue was not reported to the Backdrop Security team before the CVE was created.