Cross-Site Scripting Vulnerability in Drupal AT Internet Piano Analytics
CVE-2026-0947
4.8MEDIUM
What is CVE-2026-0947?
An improper neutralization of input during web page generation has been identified in Drupal AT Internet Piano Analytics. This vulnerability allows for Cross-Site Scripting (XSS) attacks, which can enable attackers to inject malicious scripts into web pages viewed by users. The issue affects specific versions of the product, necessitating immediate attention from users and administrators to upgrade their installations and mitigate potential security risks.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
AT Internet Piano Analytics 0.0.0 < 1.0.1
AT Internet Piano Analytics 2.0.0 < 2.3.1
References
CVSS V3.1
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Pierre Rudloff (prudloff)
Frank Mably (mably)
Greg Knaddison (greggles)
Juraj Nemec (poker10)
Pierre Rudloff (prudloff)