Cross-Site Scripting Vulnerability in Siteimprove Analytics by Drupal
CVE-2026-15082

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
10 July 2026

What is CVE-2026-15082?

An improper input neutralization issue has been identified within the Siteimprove Analytics component of Drupal, enabling Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to data theft, session hijacking, and other harmful effects. Affected versions range from 0.0.0 to 2.0.1, making it essential for users to apply necessary updates and patches to protect their systems.

Affected Version(s)

Siteimprove Analytics 0.0.0 < 2.0.1

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Rudloff (prudloff)
Bohdan Artemchuk (bohart)
Andriy Parkhomiuk (grask0)
Greg Knaddison (greggles)
Pierre Rudloff (prudloff)
.