Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2025-63828
CVE-2025-63828
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.
Published Nov 19, 2025
https://github.com/advisories/GHSA-ffpg-gm3h-4p5p
CVSS Score
High
8.2
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
composer
backdrop/backdrop
1.13.2-rc1
composer
backdrop/backdrop
1.13.2-rc2
composer
backdrop/backdrop
1.17.3
composer
backdrop/backdrop
1.18.3
composer
backdrop/backdrop
1.19.1
composer
backdrop/backdrop
1.20.3
composer
backdrop/backdrop
1.21.0
composer
backdrop/backdrop
1.21.1
composer
backdrop/backdrop
1.21.3
composer
backdrop/backdrop
1.21.4
composer
backdrop/backdrop
1.22.1
composer
backdrop/backdrop
1.22.2
composer
backdrop/backdrop
1.27.0
composer
backdrop/backdrop
1.28.0
composer
backdrop/backdrop
1.29.0
composer
backdrop/backdrop
1.30.0
composer
backdrop/backdrop
1.30.2
composer
backdrop/backdrop
1.31.0
composer
backdrop/backdrop
1.32.0
1-19 of 19
CVE-2025-63828 | Components Impacted | Sonatype Guide | Sonatype Guide
