Backdrop CMS is an open source content management system (CMS). version 1.23.0 of Backdrop CMS Comment is vulnerable to a cross-site scripting vulnerability that results from a lack of effective filtering and escaping of user-supplied data, which could be exploited to launch a cross-site scripting (XSS) attack.