CVE-2025-27826: XSS

Q: What is the severity of CVE-2025-27826?

CVE-2025-27826 has been classified as a medium severity vulnerability due to its potential for Cross-Site Scripting (XSS) attacks.

Q: How do I fix CVE-2025-27826?

To fix CVE-2025-27826, update your Backdrop CMS Lite theme to version 1.x-1.4.5 or later.

Q: What is affected by CVE-2025-27826?

CVE-2025-27826 affects the Bootstrap Lite theme for Backdrop CMS versions prior to 1.x-1.4.5.

Q: What type of vulnerability is CVE-2025-27826?

CVE-2025-27826 is an XSS (Cross-Site Scripting) vulnerability due to inadequate sanitization of class names.

Q: What can happen if CVE-2025-27826 is exploited?

If CVE-2025-27826 is exploited, it could allow attackers to execute malicious scripts in the context of the affected user’s session.

Published Mar 7, 2025

Updated

An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names.

Affected Software

1 affected component

Backdrop Lite theme<1.x-1.4.5

Event History

Mar 7, 2025

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

DescriptionSeverityWeakness

Data Sourced

via NVD·10:15 PM

DescriptionSeverityWeakness

Nov 18, 57181

Event

via FIRST·01:03 PM

Frequently Asked Questions

What is the severity of CVE-2025-27826?

CVE-2025-27826 has been classified as a medium severity vulnerability due to its potential for Cross-Site Scripting (XSS) attacks.

How do I fix CVE-2025-27826?

To fix CVE-2025-27826, update your Backdrop CMS Lite theme to version 1.x-1.4.5 or later.

What is affected by CVE-2025-27826?

CVE-2025-27826 affects the Bootstrap Lite theme for Backdrop CMS versions prior to 1.x-1.4.5.

What type of vulnerability is CVE-2025-27826?

CVE-2025-27826 is an XSS (Cross-Site Scripting) vulnerability due to inadequate sanitization of class names.

What can happen if CVE-2025-27826 is exploited?