Security
Headlines

Headlines Latest CVEs

Headline

GHSA-jxp8-4jw5-5xjc: Drupal Umami Analytics allows Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Umami Analytics allows Cross-Site Scripting (XSS). This issue affects Umami Analytics: from 0.0.0 before 1.0.1.

1 month ago

#xss #vulnerability #web #git #intel

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewDiscover and integrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-10931

Drupal Umami Analytics allows Cross-Site Scripting (XSS)

Low severity GitHub Reviewed Published Oct 30, 2025 to the GitHub Advisory Database • Updated Oct 30, 2025

Package

composer drupal/umami_analytics (Composer)

Affected versions

< 1.0.1

Description

Published to the GitHub Advisory Database

Oct 30, 2025

Last updated

Oct 30, 2025

EPSS score

ghsa: Latest News

GHSA-24v3-254g-jv85: Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature

3 hours ago

GHSA-4hx9-48xh-5mxr: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

3 hours ago

GHSA-5j53-63w8-8625: FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO

4 hours ago

GHSA-72mh-hgpm-6384: Orejime has executable code in HTML attributes

6 hours ago

GHSA-v4p2-2w39-mhrj: Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization

12 hours ago