backdrop/backdrop is vulnerable to Cross-Site Scripting (XSS). The vulnerability exist due to the lack of validation in the html elements when adding a post which allows an admin authenticated attacker to inject and execute malicious JavaScript when a user views a post.