CVE-2025-27824 MEDIUM

Vendor: Backdropcms
Product: Link iframe formatter
Weakness: CWE-79 · XSS
Published: March 7, 2025
Last update: March 7, 2025

CVSS base score

6.4/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability is mitigated by the fact that an attacker must have the ability to create content containing an iFrame field.

Key dates

02 Disclosure timeline

March 7, 2025: CVE published
March 7, 2025: Record updated