CNNVD-202510-4279 Information

CNNVD ID

CNNVD-202510-4279

Related CVE

CVE-2025-10931

• CNNVD Published: 2025-10-30

Description (Chinese)

Drupal Umami Analytics是Drupal社区的一款网页数据统计插件。 Drupal Umami Analytics 1.0.1之前版本存在安全漏洞，该漏洞源于网页生成期间输入中和不当，可能导致跨站脚本攻击。

Description (English)

Drupal Umami Analytics is a web-based statistical plugin for the Drupal community. There was a security loophole in the previous version of Drupal Umami Analytics 1.0, which resulted from the misinformation of input during the web page generation and could result in a cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Drupal

Published

2025-10-30

Last Modified

2026-02-24

References

https://www.drupal.org/sa-contrib-2025-109 https://vigilance.fr/vulnerability/Drupal-Umami-Analytics-Cross-Site-Scripting-via-2-0-5-48297

Patch

https://www.drupal.org/project/umami_analytics/releases