Backdrop core - Moderately critical - Cross Site Scripting

Backdrop core - Moderately critical - Cross Site Scripting

Date: Wednesday, May 26th, 2021
Security risk: Moderately Critical
Advisory ID: BACKDROP-SA-CORE-2021-003
Vulnerability: Cross Site Scripting

Versions affected

  • Backdrop Core 1.19.x versions prior to 1.19.1
  • Backdrop Core 1.18.x versions prior to 1.18.5

Backdrop versions 1.17 and prior do not receive security coverage.


Backdrop core uses the third-party CKEditor library. This library has an error in parsing HTML that could lead to an XSS attack.


Upgrade your site to the most recent version of Backdrop core. Download available on the Backdrop CMS 1.19.1 release page. See the update instructions, if needed.

Nick Onom's picture
Nick Onom
Marketing Project Manager
Enthusiastic about all kinds of Open Source applications, AI, bitcoins, but mostly Drupal and Backdrop. For last years has been actively developing AltaGrade's new back-end system.

We value your opinion. Please add your feedback.