Home > Vulnerability Database > CVE-2025-27824

Mend.io Vulnerability Database

CVE-2025-27824

Date: March 6, 2025

An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability is mitigated by the fact that an attacker must have the ability to create content containing an iFrame field.

Severity Score

6.4

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-27824

Url: https://backdropcms.org/security/backdrop-sa-contrib-2025-003

Url: https://www.mend.io/vulnerability-database/CVE-2025-27824

Severity Score

6.4

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-27824

Date: March 6, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?