Backdropcms: community verdicts
2 notable / known-exploited Backdropcms CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Backdropcms CVE, see NVD ↗.
- CVE-2022-34530MED 5.3EPSS 1%
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.
- CVE-2025-44141MED 6.1EPSS 0%
A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.