drupal/siteimprove_analytics is vulnerable to Cross-Site Scripting (XSS)
50
Medium Risk
The module doesn't sufficiently sanitize the Siteimprove Analytics identification code when inserting the JavaScript tracking code; this could be exploited to achieve Cross-Site Scripting (XSS). This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer siteimprove_analytics".
You are affected if you are using a version that falls within the vulnerable range.
drupal/siteimprove_analytics is vulnerable to Cross-Site Scripting (XSS) in versions 0.0.1 - 2.0.0.
Upgrade the drupal/siteimprove_analytics module to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant