Skip to main content

Siteimprove Analytics

1 CVEs product

Monthly

CVE-2026-15082 PHP MEDIUM PATCH This Month

Cross-site scripting in Drupal's Siteimprove Analytics contributed module (all versions before 2.0.1) allows an authenticated low-privileged attacker to inject malicious scripts that execute in a victim user's browser session. The CVSS scope change (S:C) indicates the attack crosses the application trust boundary, enabling potential session hijacking or privilege escalation against higher-privileged users such as administrators who view attacker-controlled content. No public exploit code exists and EPSS of 0.19% (8th percentile) confirms low real-world exploitation probability; no active exploitation has been identified at time of analysis.

XSS Siteimprove Analytics
NVD
CVSS 3.1
5.4
EPSS
0.2%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting in Drupal's Siteimprove Analytics contributed module (all versions before 2.0.1) allows an authenticated low-privileged attacker to inject malicious scripts that execute in a victim user's browser session. The CVSS scope change (S:C) indicates the attack crosses the application trust boundary, enabling potential session hijacking or privilege escalation against higher-privileged users such as administrators who view attacker-controlled content. No public exploit code exists and EPSS of 0.19% (8th percentile) confirms low real-world exploitation probability; no active exploitation has been identified at time of analysis.

XSS Siteimprove Analytics
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy