漏洞关键信息 Project: Facebook Pixel Date: June 04, 2025 Severity: Less Critical Risk Score: 9/25 AC:None/A:Admin/CI:None/II:None/E:Theoretical/TD:All Vulnerability: Cross Site Scripting Affected versions: <7.x-1.2 Description The Facebook Pixel module integrates with Facebook analytics. The module doesn't sufficiently protect its configuration against cross-site scripting (XSS) attacks. This vulnerability is mitigated in that a user must have the "Administer Facebook pixel" permission in order to manage the configuration. Reported by Ivo Van Geetruiyen (mr.baileys) of the Drupal Security Team Fixed by Ivo Van Geetruiyen (mr.baileys) Joshua Sedler (grevil) Coordinated by Damien McKenna (damienmckenna) of the Drupal Security Team Tag1 D7ES