Cross-Site Scripting Vulnerability in Siteimprove Analytics by Drupal
CVE-2026-15082
Currently unrated
What is CVE-2026-15082?
An improper input neutralization issue has been identified within the Siteimprove Analytics component of Drupal, enabling Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to data theft, session hijacking, and other harmful effects. Affected versions range from 0.0.0 to 2.0.1, making it essential for users to apply necessary updates and patches to protect their systems.
Affected Version(s)
Siteimprove Analytics 0.0.0 < 2.0.1
