VDB
KO

DRUPAL-CONTRIB-2026-073

Details

The module doesn't sufficiently sanitize the Siteimprove Analytics identification code when inserting the JavaScript tracking code; this could be exploited to achieve Cross-Site Scripting (XSS).

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer siteimprove\_analytics".

Are you affected?

Enter the version of the package you're using.

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/siteimprove_analytics
Introduced in: 0 Fixed in: 2.0.1

Upgrade drupal/siteimprove_analytics to 2.0.1 or newer (ecosystem packagist:https://packages.drupal.org/8).

References