{"id":"DRUPAL-CONTRIB-2025-107","details":"This module integrates Plausible Analytics on a site.\n\nThe module did not properly filter output in certain cases.\n\nThis vulnerability is mitigated by the fact that an attacker must have permission to add raw HTML to the website, such as an unfiltered WYSIWYG field on a public-facing comment.","aliases":["CVE-2025-10927","GHSA-pr6m-qwrr-mrw9"],"modified":"2025-12-10T23:40:56.168934Z","published":"2025-09-24T17:18:08Z","references":[{"type":"WEB","url":"https://www.drupal.org/sa-contrib-2025-107"}],"affected":[{"package":{"name":"drupal/plausible_tracking","ecosystem":"Packagist:https://packages.drupal.org/8","purl":"pkg:composer/drupal/plausible_tracking"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.2"}],"database_specific":{"constraint":"\u003c1.0.2"}}],"database_specific":{"source":"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/plausible_tracking/DRUPAL-CONTRIB-2025-107.json","affected_versions":"\u003c1.0.2"}}],"schema_version":"1.7.3","credits":[{"name":"Pierre Rudloff (prudloff)","contact":["https://www.drupal.org/u/prudloff"]}]}