CVE-2025-46595

N/A

An XSS issue was discovered in the Flag module before 1.x-3.6.2 for Backdrop CMS. Flag is a module that allows flags to be added to nodes, comments, users, and any other type of entity. It doesn't verify flag links before performing the flag action, or verify that the response returned was provided by the flag module. This can allow crafted HTML to result in Cross Site Scripting. This is mitigated by the fact that an attacker must have a role with permission to create links on the website, for example: create or edit comments or content with a filtered text format.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Backdrop CMS 跨站脚本漏洞

Backdrop CMS是Backdrop CMS开源的一个内容管理系统（CMS）。 Backdrop CMS 1.x-3.6.2之前版本存在跨站脚本漏洞，该漏洞源于执行标记操作前未验证标记链接，可能导致跨站脚本攻击。

N/A

N/A