Backdrop CMS is an open source content management system (CMS). version 1.23.0 of Backdrop CMS Card contains a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data, which could be exploited to inject cross-site code and launch XSS attacks.