CVE-2022-42096

MEDIUM NUCLEI

Backdrop CMS 1.23.0 - Stored Cross-Site Scripting via Post Content

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-42096. PoCs published by bypazs. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a writeup detailing a stored XSS vulnerability in Backdrop CMS version 1.23.0. The vulnerability allows an attacker with admin privileges to inject malicious JavaScript via the 'Body' field when using the 'Raw HTML' editor.

Description

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.

Exploits (1)

nomisec WRITEUP 1 stars
by bypazs · poc
https://github.com/bypazs/CVE-2022-42096

Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Backdrop CMS version 1.23.0
Auth required
Prerequisites: Admin privileges on the Backdrop CMS instance
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)
MEDIUM · VERIFIED · by theamanrawat

Scores

CVSS v3 4.8
EPSS 0.0243
EPSS Percentile 85.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Products (2)
backdrop/backdrop 0 (Packagist)
backdropcms/backdrop_cms 1.23.0
Published Nov 21, 2022
Tracked Since Feb 18, 2026