CVE-2025-71310
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The GDPR cookies module for Backdrop CMS (before 1.x-1.3.5) doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with the permission "Create a GDPR Cookies Service" or "Edit any GDPR Cookies Service" and a site must have added a YouTube service as configuration.
| CWE | CWE-80 |
| Vendor | backdropcms |
| Product | gdpr cookies module for backdrop cms |
| Published | May 26, 2026 |
| Last Updated | May 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for backdropcms gdpr cookies module for backdrop cms
Be the first to know when new unknown vulnerabilities affecting backdropcms gdpr cookies module for backdrop cms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
BackdropCMS / GDPR cookies module for Backdrop CMS
0 < 1.x-1.3.5