Date
Severity
Less Critical
Vulnerability
Cross Site Scripting
Affected versions
<7.x-1.2

Description

The Facebook Pixel module integrates with Facebook analytics.

The module doesn't sufficiently protect its configuration against cross-site scripting (XSS) attacks.

This vulnerability is mitigated in that a user must have the "Administer Facebook pixel" permission in order to manage the configuration

Solution

Install the latest version.

If you use the Facebook Pixel module for Drupal 7, upgrade to Facebook Pixel 7.x-1.2:


Reported by

Fixed by

Coordinated by