backpack/crud is vulnerable to Cross-Site Scripting (XSS)
It’s a “moderate” vulnerability… but being an admin panel, take this seriously. It’s difficult… but an attacker could conduct a targeted phishing campaign, in order to trick your users or admins to click a malicious link, which under very specific circumstances could give them information… or even admin access. It’s unlikely, but that’s not good enough in admin panels - It should be made impossible. That’s why you are bothered …