Back to CVE List

CVE-2025-71310

Vulnerability Description

The GDPR cookies module for Backdrop CMS (before

1.x-1.3.5) doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with the permission "Create a GDPR Cookies Service" or "Edit any GDPR Cookies Service" and a site must have added a YouTube service as configuration.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-80
Source
NVD
Vendor
BackdropCMS
Product
GDPR cookies module for Backdrop CMS

External References

Discussion (0)

Add Comment

No comments yet. Be the first!