Backdrop CMS Flag Module Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the Flag module for Backdrop CMS, affecting versions prior to 1.x-3.6.2. The Flag module allows users to add flags to various entities, including nodes, comments, and users. The vulnerability arises because the module does not validate flag links before executing flag actions, nor does it ensure that the responses are from the flag module. This oversight can be exploited to inject crafted HTML, leading to XSS. The vulnerability is somewhat mitigated by the requirement for an attacker to have a role that permits link creation, such as the ability to create or edit comments or content with a filtered text format.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Remediation

Users are advised to upgrade to the latest version of the Flag module.