Date: 
2026-July-08
Vulnerability: 
Cross-site Scripting
Affected versions: 
<2.0.1
CVE IDs: 
CVE-2026-15082
Description: 

The module doesn't sufficiently sanitize the Siteimprove Analytics identification code when inserting the JavaScript tracking code; this could be exploited to achieve Cross-Site Scripting (XSS).

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer siteimprove_analytics".

Solution: 

Install the latest version:

Reported By: 
Coordinated By: