CVE-2022-42097

MEDIUM

Backdrop CMS 1.23.0 - Stored Cross-Site Scripting via Comment


Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-42097. PoCs published by bypazs.

AI-analyzed exploit summary: This repository contains a writeup detailing a stored XSS vulnerability in Backdrop CMS version 1.23.0. The vulnerability allows an attacker with admin privileges to inject malicious scripts via the comment input field using the Raw HTML Editor.

Description

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via 'Comment'.

Exploits (1)

nomisec WRITEUP 1 stars
by bypazs · poc
https://github.com/bypazs/CVE-2022-42097


Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Backdrop CMS version 1.23.0
Auth required
Prerequisites: Admin privileges · Access to the comment section · Raw HTML Editor enabled
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Product, Vendor Advisory: https://backdropcms.org
Release Notes, Third Party Advisory: https://github.com/backdrop/backdrop/releases/tag/1.23.0
Exploit, Third Party Advisory: https://github.com/bypazs/CVE-2022-42097

Scores

CVSS v3: 4.8
EPSS: 0.0089
EPSS Percentile: 76.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (2)
backdrop/backdrop 0 Packagist
backdropcms/backdrop 1.23.0
Published: Nov 22, 2022
Tracked Since: Feb 18, 2026