Ai Seo Geo Analyzer
Monthly
Stored Cross-Site Scripting in the Drupal AI SEO/GEO Analyzer contrib module (versions 0.0.0 through pre-1.1.3) enables authenticated low-privilege users to persist malicious JavaScript payloads that execute in the browser context of other users - including administrators - who subsequently view the affected content. The scope change (S:C in the CVSS vector) confirms cross-context execution, enabling session hijacking, credential theft, or unauthorized DOM manipulation against victim users. EPSS probability stands at 0.25% (17th percentile) and no active exploitation has been reported in CISA KEV, indicating limited real-world threat at this time. A vendor-released patch is available via the Drupal security advisory SA-contrib-2026-076.
Stored Cross-Site Scripting in the Drupal AI SEO/GEO Analyzer contrib module (versions 0.0.0 through pre-1.1.3) enables authenticated low-privilege users to persist malicious JavaScript payloads that execute in the browser context of other users - including administrators - who subsequently view the affected content. The scope change (S:C in the CVSS vector) confirms cross-context execution, enabling session hijacking, credential theft, or unauthorized DOM manipulation against victim users. EPSS probability stands at 0.25% (17th percentile) and no active exploitation has been reported in CISA KEV, indicating limited real-world threat at this time. A vendor-released patch is available via the Drupal security advisory SA-contrib-2026-076.