Project
Date
Severity
Less Critical
Vulnerability
Cross Site Scripting
Affected versions
<7.x-1.2
Description
The Facebook Pixel module integrates with Facebook analytics.
The module doesn't sufficiently protect its configuration against cross-site scripting (XSS) attacks.
This vulnerability is mitigated in that a user must have the "Administer Facebook pixel" permission in order to manage the configuration
Solution
Install the latest version.
If you use the Facebook Pixel module for Drupal 7, upgrade to Facebook Pixel 7.x-1.2:
Reported by
- Ivo Van Geertruyen (mr.baileys) of the Drupal Security Team
Fixed by
- Ivo Van Geertruyen (mr.baileys)
- Joshua Sedler (grevil)
Coordinated by
- Damien McKenna (damienmckenna) of the Drupal Security Team
- Tag1 D7ES