CVE-2025-10931

CVE-2025-10931: Umami Analytics - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-109

Vendor Drupal

Product Umami Analytics

Weakness CWE-79 · XSS

Published October 29, 2025

Last update October 30, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Umami Analytics allows Cross-Site Scripting (XSS).This issue affects Umami Analytics: from 0.0.0 before 1.0.1.

Key dates

02Disclosure timeline

October 29, 2025 CVE published

October 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-10931

Related vulnerabilities

04Related CVE

CVE-2024-52793 XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems CVE-2024-34794 WordPress Tainacan plugin <= 0.21.3 - Cross Site Scripting (XSS) vulnerability CVE-2024-47527 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device-dependencies.inc.php CVE-2025-12513 A user with elevated privileges can inject XSS in the Hosts configuration parameters page CVE-2025-58031 WordPress Nextend Facebook Connect Plugin <= 3.1.19 - Cross Site Scripting (XSS) Vulnerability