Skip to main content

Gdpr Cookies Module For Backdrop Cms

1 CVEs product

Monthly

CVE-2025-71310 LOW PATCH Monitor

The GDPR cookies module for Backdrop CMS (before 1.x-1.3.5) doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with the permission "Create a GDPR Cookies Service" or "Edit any GDPR Cookies Service" and a site must have added a YouTube service as configuration.

XSS Gdpr Cookies Module For Backdrop Cms
NVD VulDB
CVSS 4.0
1.8
EPSS
0.0%
EPSS 0% CVSS 1.8
LOW PATCH Monitor

The GDPR cookies module for Backdrop CMS (before 1.x-1.3.5) doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with the permission "Create a GDPR Cookies Service" or "Edit any GDPR Cookies Service" and a site must have added a YouTube service as configuration.

XSS Gdpr Cookies Module For Backdrop Cms
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy