CVE-2025-71310
Severity CVSS v4.0:
LOW
Type:
Unavailable / Other
Publication date:
26/05/2026
Last modified:
26/05/2026
Description
The GDPR cookies module for Backdrop CMS (before <br />
<br />
1.x-1.3.5) doesn&#39;t sufficiently protect visitors from Cross Site Scripting (XSS) if a malicious value has been provided for the optional &#39;Info content&#39; field for the YouTube service. This is mitigated by the fact that an attacker must have a role with the permission "Create a GDPR Cookies Service" or "Edit any GDPR Cookies Service" and a site must have added a YouTube service as configuration.
Impact
Base Score 4.0
1.80
Severity 4.0
LOW



