LOW
BackdropCMS
CVE published 2026-05-26
CVE-2025-71310
A stored Cross-Site Scripting (XSS) vulnerability exists in the GDPR Cookies module for Backdrop CMS versions prior to 1.x-1.3.5. The flaw resides in the 'Info content' field for the YouTube service configuration, which fails to adequately sanitize user input. Successful exploitation requires an attacker to possess elevated privileges—specifically the 'Create a GDPR Cookies Service' or 'Edit any GDPR Cook [truncated]