Skip to main content

AI SEO/GEO Analyzer CVE-2026-15085

| EUVDEUVD-2026-43080 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-10 drupal GHSA-xg2f-c7h9-qw99
5.4
CVSS 3.1 · Vendor: drupal
Share

Severity by source

Vendor (drupal) PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
vuln.today AI
5.4 MEDIUM

Stored XSS requires low-privilege authenticated submission (PR:L), victim page view (UI:R), and scope change captures cross-browser-context impact (S:C); no availability impact applies.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (drupal).

CVSS VectorVendor: drupal

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 13, 2026 - 19:48 vuln.today
CVSS changed
Jul 13, 2026 - 19:22 NVD
5.4 (MEDIUM)
Patch available
Jul 10, 2026 - 23:02 EUVD
CVE Published
Jul 10, 2026 - 21:46 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3.

AnalysisAI

Stored Cross-Site Scripting in the Drupal AI SEO/GEO Analyzer contrib module (versions 0.0.0 through pre-1.1.3) enables authenticated low-privilege users to persist malicious JavaScript payloads that execute in the browser context of other users - including administrators - who subsequently view the affected content. The scope change (S:C in the CVSS vector) confirms cross-context execution, enabling session hijacking, credential theft, or unauthorized DOM manipulation against victim users. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privilege Drupal user
Delivery
Submit crafted XSS payload via AI SEO/GEO Analyzer input field
Exploit
Payload persisted in Drupal database
Execution
Victim administrator views affected content or report
Persist
Malicious script executes in victim browser
Impact
Session token exfiltrated or privileged actions performed on victim's behalf

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated Drupal account with at least low-level permissions to interact with the AI SEO/GEO Analyzer module (PR:L per CVSS vector) - anonymous or unauthenticated users cannot trigger this vulnerability. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 5.4 (Medium) is appropriate and internally consistent: AV:N reflects network delivery, AC:L indicates no special race conditions, PR:L confirms a low-privilege authenticated account is required as a prerequisite, and UI:R requires victim interaction - both conditions that meaningfully constrain the attack surface. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a low-privilege Drupal account (such as an editor or authenticated content contributor) navigates to an AI SEO/GEO Analyzer input field and submits a crafted payload containing JavaScript - for example, within an SEO analysis text field or metadata input. The payload is stored in the Drupal database and later rendered unsanitized when a higher-privileged user (such as a site administrator) views the associated content or report. …
Remediation The primary remediation is to upgrade the AI SEO/GEO Analyzer Drupal module to version 1.1.3 or later, per the Drupal security advisory at https://www.drupal.org/sa-contrib-2026-076. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15085 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy