Backdrop core - Critical - Cross-site scripting - SA-CORE-2021-002

Date: Wednesday, Apr 21th, 2021
Security risk: Critical
Advisory ID: BACKDROP-SA-CORE-2021-002
Vulnerability: Cross Site Scripting

Versions affected

Backdrop Core 1.18.x versions prior to 1.18.3,
Backdrop Core 1.17.x versions prior to 1.17.7
Backdrop versions 1.16 and prior do not receive security coverage.

Description

Backdrop core's sanitization API fails to properly filter cross-site scripting under certain circumstances.

Not all sites and users are affected, but configuration changes to prevent the exploit might be impractical and will vary between sites. Therefore, we recommend all sites update to this release as soon as possible.

Solution

Upgrade your site to the most recent version of Backdrop core. Download available on the Backdrop CMS 1.18.3 release page. See the update instructions, if needed.

Nick Onom
Marketing Project Manager

Enthusiastic about all kinds of Open Source applications, AI, bitcoins, but mostly Drupal and Backdrop. For last years has been actively developing AltaGrade's new back-end system.

Backdrop · Security

Backdrop core - Critical - Cross-site scripting - SA-CORE-2021-002

Versions affected

Description

Solution

We value your opinion. Please add your feedback.