Version: 7.x-3.x-dev, 7.x-2.x-dev, 7.x-1.x-dev
Security risk: *Moderately critical* 13∕25
Vulnerability: Cross site scripting
The Yandex.Metrics module allows you to look for key indicators of your site
The module doesn't sufficiently let users know a setting page should not be
given to untrusted users.
This vulnerability is mitigated by the fact that an attacker must have a role
with the permission "administer Yandex.Metrics settings."