DRUPAL-CONTRIB-2025-107

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/plausible_tracking/DRUPAL-CONTRIB-2025-107.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-107

Aliases

Published

2025-09-24T17:18:08Z

Modified

2025-12-10T23:40:56.168934Z

Summary

[none]

Details

This module integrates Plausible Analytics on a site.

The module did not properly filter output in certain cases.

This vulnerability is mitigated by the fact that an attacker must have permission to add raw HTML to the website, such as an unfiltered WYSIWYG field on a public-facing comment.

References

https://www.drupal.org/sa-contrib-2025-107

Credits

- Pierre Rudloff (prudloff)
- - https://www.drupal.org/u/prudloff

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/plausible_tracking

Package

Name: drupal/plausible_tracking
Purl: pkg:composer/drupal/plausible_tracking

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1.0.2

Database specific

{
    "constraint": "<1.0.2"
}

Database specific

affected_versions

"<1.0.2"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/plausible_tracking/DRUPAL-CONTRIB-2025-107.json"