CVE Catalog

CVE-2025-44141

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30. It allows injection of malicious JavaScript code into the page.

Risk Assessment

An attacker can exploit this vulnerability to steal user sessions, take over administrator accounts, or distribute malware within the organization.

Recommendation

Immediately update Backdrop CMS to the latest version that includes a fix for this XSS vulnerability.

Original NVD description (English source)

A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS