Intel

AIKIDO-2026-274136

drupal/siteimprove_analytics is vulnerable to Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS)CVE-2026-15082 Published 3 days ago

50

Medium Risk

This Affects:

PHPdrupal/siteimprove_analytics
0.0.1 - 2.0.0
Fixed in 2.0.1
Are you affected? Scan for Free

TL;DR

The module doesn't sufficiently sanitize the Siteimprove Analytics identification code when inserting the JavaScript tracking code; this could be exploited to achieve Cross-Site Scripting (XSS). This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer siteimprove_analytics".

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

drupal/siteimprove_analytics is vulnerable to Cross-Site Scripting (XSS) in versions 0.0.1 - 2.0.0.

How to fix this

Upgrade the drupal/siteimprove_analytics module to the patch version.