CVE-2023-26265

Published February 21st, 2023

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them.

backdrop-contrib/borg

The (base) theme used on Backdropcms.org and associated websites.

GitHub