Low severityNVD Advisory· Published May 26, 2026· Updated May 26, 2026
CVE-2025-71310
CVE-2025-71310
Description
The GDPR cookies module for Backdrop CMS (before
1.x-1.3.5) doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with the permission "Create a GDPR Cookies Service" or "Edit any GDPR Cookies Service" and a site must have added a YouTube service as configuration.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <1.3.5
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.