brotkrueml/typo3-matomo-integration is vulnerable to cross-site scripting. The vulnerability exists in convertStringValue
function in MatomoMethodCall.php
because the content from PSR-14 events are not properly escaped which allows an attackers to inject and execute arbitrary javascript.
CPE | Name | Operator | Version |
---|---|---|---|
brotkrueml/typo3-matomo-integration | le | v1.3.1 | |
brotkrueml/typo3-matomo-integration | le | v1.3.1 |