DRUPAL-CONTRIB-2025-058

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/piwik_pro/DRUPAL-CONTRIB-2025-058.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-058
Aliases
  • CVE-2025-4415
Published
2025-05-14T18:04:44Z
Modified
2025-12-10T23:41:30.713183Z
Summary
[none]
Details

This module enables you to add the Piwik Pro web statistics tracking system to your website.

The module does not validate the JavaScript code that it loads on the website, so a user with the "Administer Piwik Pro" permission could configure the module to load JS from a malicious website.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer piwik pro" to access the settings form where this can be configured.

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/piwik_pro

Package

Name
drupal/piwik_pro
Purl
pkg:composer/drupal/piwik_pro

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.2
Database specific
{
    "constraint": "<1.3.2"
}

Database specific

affected_versions
"<1.3.2"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/piwik_pro/DRUPAL-CONTRIB-2025-058.json"