Date
Severity: Less Critical
Vulnerability: Cross Site Scripting
Affected versions: <7.x-2.1

Description

The etracker module integrates etracker's statistics tracking solution.

The module doesn't sufficiently validate the account key form field against cross-site scripting (XSS). This can allow specially crafted HTML entered in that field to result in XSS.

This vulnerability is mitigated by the fact that an attacker must have a role that allows managing etracker on the website.
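
The general Drupal 7 pattern for closing this class of bug, validating an admin-supplied key on input and encoding it on output, is sketched below as an added example; it is not the etracker module's code or its actual fix. The module name `example_tracker`, the variable `example_tracker_account` and the letters-and-digits key format are assumptions made for illustration.

```php
<?php
// Added example: hypothetical module "example_tracker"; not etracker's code.
// Assumption: the account key is a short token of letters and digits.

/**
 * Admin settings form with a single account key field.
 */
function example_tracker_settings_form($form, &$form_state) {
  $form['example_tracker_account'] = array(
    '#type' => 'textfield',
    '#title' => t('Account key'),
    '#default_value' => variable_get('example_tracker_account', ''),
    '#maxlength' => 64,
    '#required' => TRUE,
    '#element_validate' => array('example_tracker_account_validate'),
  );
  return system_settings_form($form);
}

/**
 * Element validator: allowlist the key so markup is never stored.
 */
function example_tracker_account_validate($element, &$form_state) {
  // \A and \z anchor the whole string, so a trailing newline is rejected too.
  if (!preg_match('/\A[A-Za-z0-9]{1,64}\z/', $element['#value'])) {
    form_error($element, t('The account key may contain only letters and digits.'));
  }
}

/**
 * Implements hook_page_build(): emit the key, encoded for its output context.
 */
function example_tracker_page_build(&$page) {
  $key = variable_get('example_tracker_account', '');
  // Re-check on output: a value saved before validation existed may be unsafe.
  if (!preg_match('/\A[A-Za-z0-9]{1,64}\z/', $key)) {
    return;
  }
  // drupal_json_encode() hex-escapes <, >, ', " and & for inline script use.
  $js = 'var exampleTrackerKey = ' . drupal_json_encode($key) . ';';
  drupal_add_js($js, array('type' => 'inline', 'scope' => 'footer'));
}
```

The output-side check matters because upgrading a module does not clean a value that was already stored; re-saving or reviewing the stored key after the upgrade covers that case.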

Solution

Install the latest version.

If you use the etracker module for Drupal 7, upgrade to etracker 7.x-2.1.

Reported by

  • Tag1 D7ES

Fixed by

  • Tag1 D7ES

Coordinated by

  • Tag1 D7ES