CVE-2025-44141 — Cross-site Scripting in Backdrop CMS

CWE-79 — Cross-site Scripting CWE-59 — Link Following4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 85.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Backdropcms Backdrop CMS

Timeline

PublishedJun 26

Description

A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDbackdropcms/backdrop_cms1.30.1

🔴Vulnerability Details

GHSA

GHSA-674q-gxgr-8jhg: A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1↗2025-06-26

▶

CVEList

CVE-2025-44141: A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1↗2025-06-26

▶

📋Vendor Advisories

Microsoft

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the↗2022-02-08

▶