Cross Site Scripting Vulnerability in Backdrop CMS GDPR Cookies Module
CVE-2025-71310
1.8 LOW
What is CVE-2025-71310?
The GDPR Cookies module for Backdrop CMS prior to version 1.x-1.3.5 is vulnerable to Cross Site Scripting (XSS) due to inadequate validation of user input in the 'Info content' field, specifically when a malicious value is introduced for the YouTube service configuration. To exploit this vulnerability, an attacker must hold a role with permission to create or edit a GDPR Cookies Service, and the configuration must include a YouTube service.
Affected Version(s)
GDPR cookies module for Backdrop CMS 0 < 1.x-1.3.5
