{"id":"CVE-2024-54123","details":"Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format.","modified":"2026-04-10T05:18:28.156339Z","published":"2024-11-29T04:15:03.940Z","references":[{"type":"ADVISORY","url":"https://backdropcms.org/security/backdrop-sa-core-2024-002"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/backdrop/backdrop","events":[{"introduced":"0"},{"fixed":"77b3ec2229c6874cb3fa6d77f0a0a50693b03f59"},{"introduced":"4b3e2d2f25c01f3187afc5e56fb6a44930a1bbac"},{"fixed":"bca035553a01a70b7572b2d8b69413735ea2578c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.28.4"},{"introduced":"1.29.0"},{"fixed":"1.29.2"}]}}],"versions":["1.1.0","1.10.0","1.11.0","1.13.0-preview","1.14.0","1.14.0-preview","1.15.0","1.15.0-preview","1.16.0","1.16.0-preview","1.17.0","1.17.0-preview","1.18.0","1.18.0-preview","1.19.0","1.19.0-preview","1.2.0","1.20.0","1.20.0-preview","1.21.0","1.21.0-preview","1.22.0","1.22.0-preview","1.23.0","1.23.0-preview","1.24.0","1.24.0-preview","1.25.0","1.25.0-preview","1.26.0","1.26.0-preview","1.27.0","1.27.0-preview","1.28.0","1.28.0-preview","1.28.1","1.28.2","1.28.3","1.29.0","1.29.1","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.4.0","1.4.1","1.4.2","1.4.3","1.5.0","1.5.1","1.6.0","1.7.0","1.7.0-preview","v1.0.0","v1.0.0-preview","v1.0.1","v1.0.2","v1.0.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-54123.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}