Cross-Site Scripting Vulnerability in Backdrop CMS Link IFrame Formatter Module
CVE-2025-27824

6.4 MEDIUM

Key Information:

Vendor
CVE Published: 7 March 2025

What is CVE-2025-27824?

An XSS vulnerability exists in the Link iframe formatter module for Backdrop CMS prior to version 1.x-1.1.1. The module fails to adequately sanitize user input before rendering it on web pages, so attackers with content creation permissions can inject malicious scripts through iframe fields, potentially leading to exploitation of user sessions or exposure of sensitive data.

Affected Version(s)

Link iframe formatter 0 < 1.x-1.1.1

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
