Security Advisory

CVE-2025-27823

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-07 00:00:00
Last updated 2025-03-07 22:30:42
Assigner mitre
State PUBLISHED

Description

An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, and should prevent spambots from collecting them. The module doesnt sufficiently validate the data attribute value on links, potentially leading to a Cross Site Scripting (XSS) vulnerability. This is mitigated by the fact an attacker must be able to insert link (<a>) HTML elements containing data attributes into the page.