CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS
Percentile
99.7%
This module provides integration with the Mixpanel real-time analytics service.
The module doesn’t sufficiently escape the Mixpanel token when adding the tracking Javascript to the page.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission “access administration pages”.
CVE: CVE-2012-5585
Drupal core is not affected. If you do not use the contributed Mixpanel module, there is nothing you need to do.
Install the latest version:
Also see the Mixpanel project page.