—
DRUPAL-CONTRIB-2026-073
Details
The module doesn't sufficiently sanitize the Siteimprove Analytics identification code when inserting the JavaScript tracking code; this could be exploited to achieve Cross-Site Scripting (XSS).
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer siteimprove\_analytics".
Are you affected?
Enter the version of the package you're using.
Affected packages
Packagist:https://packages.drupal.org/8 / drupal/siteimprove_analytics
Introduced in:
0 Fixed in: 2.0.1 Upgrade drupal/siteimprove_analytics to 2.0.1 or newer (ecosystem packagist:https://packages.drupal.org/8).