CVE-2024-54123
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-54123 is a newly disclosed vulnerability affecting Backdrop CMS versions prior to 1.28.4 and 1.29.x before 1.29.2. It permits Cross-Site Scripting (XSS) attacks through maliciously crafted SVG documents. The vulnerability arises when the SVG tag is allowed in a text format, which lets an attacker inject malicious scripts into a page viewed by other users. Successful exploitation could lead to unauthorized data access, site defacement, or the installation of malware, potentially compromising the security of the affected website. Users are advised to upgrade to a patched version (1.28.4, 1.29.2, or later) to mitigate this risk.
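A defender-side check for the condition described above, as an added example that is not Backdrop's or this page's own code: it tests a version string against the affected ranges stated here and flags text formats whose allowed-tags list includes svg. The format names and allow-list strings are constructed sample input, and the `<tag>` allow-list syntax is an assumption.

```python
import re

# Fixed releases as stated on this page: 1.28.4 and, on the 1.29.x branch, 1.29.2.
FIXED_DEFAULT = (1, 28, 4)
FIXED_1_29 = (1, 29, 2)

def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH'; a leading 'v' or trailing suffix is ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version):
    """True if the version is before 1.28.4, or is 1.29.x before 1.29.2."""
    v = parse_version(version)
    if v[:2] == (1, 29):
        return v < FIXED_1_29
    return v < FIXED_DEFAULT

def allowed_tags(allowed_html):
    """Extract lower-cased tag names from an allow-list like '<a href> <em>'."""
    return {t.lower() for t in re.findall(r"<\s*([A-Za-z][A-Za-z0-9-]*)", allowed_html)}

def audit(version, formats):
    """formats maps text-format name -> allowed-tags string (assumed syntax)."""
    svg_formats = sorted(n for n, html in formats.items() if "svg" in allowed_tags(html))
    affected = is_affected(version)
    return {"version_affected": affected, "svg_formats": svg_formats,
            "exposed": affected and bool(svg_formats)}

# Constructed sample input (not taken from a real site).
SAMPLE_FORMATS = {
    "filtered_html": "<a href> <em> <strong> <ul> <ol> <li>",
    "full_html": "<a href> <img src alt> <SVG> <p>",
}

if __name__ == "__main__":
    for ver in ("1.28.3", "1.28.4", "1.29.1", "1.29.2"):
        print(ver, audit(ver, SAMPLE_FORMATS))
```

A site is reported as exposed only when both conditions from the summary hold: an affected version and at least one text format that allows the SVG tag.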
Affected Products
- CMs
Affected Vendors
- Pluck