7660 matches found
CVE-2026-3529
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting XSS.This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...
CVE-2026-3529 Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting XSS.This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...
CVE-2025-14806
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources...
CVE-2026-3570
The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configuration reset functionality in the global scope of smarter-analytics.php. This makes it possible for...
CVE-2026-1267
IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls...
CVE-2026-33685
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel...
CVE-2026-1238
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh' fingerprint parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-2072
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor Analytics probe component, Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00...
Malicious code in security-install-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae1479aa9ec70d315ba69eec145d02655fe633a7f253ba7b0b3d082895b1ca35 The package security-install-analytics was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2234 Malicious code in security-install-analytics (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae1479aa9ec70d315ba69eec145d02655fe633a7f253ba7b0b3d082895b1ca35 The package security-install-analytics was found to contain malicious code. Source: ossf-package-analysis...
Drupal Google Analytics GA4 安全漏洞
Drupal Google Analytics GA4 is an integrated module for website traffic statistics and analysis developed by the Drupal company. Versions of Drupal Google Analytics GA4 prior to 1.1.14 contained a security vulnerability caused by improper input handling, which could lead to cross-site scripting...
AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data
Summary The plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel names, user IDs, ad campaign names, and impression/click counts. The HTML...
EUVD-2026-14496
AVideo Allows Unauthenticated Access to ADServer reports.json.php that Exposes Ad Campaign Analytics and User Data...
GHSA-J36M-74G2-7M95 AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data
Summary The plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel names, user IDs, ad campaign names, and impression/click counts. The HTML...
Missing Authorization
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization due to missing authentication and authorization checks in the reports.json.php and getData.json.php endpoints. An attacker can access sensiti...
Best Klaviyo Alternatives for Revenue Growth and Advanced Analytics
Top Klaviyo alternatives offer advanced analytics, automation, and insights to help e-commerce brands improve campaigns, boost revenue, and track performance...
EUVD-2026-15186
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor Analytics probe component, Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00...
CVE-2026-2072
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor Analytics probe component, Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00...
CVE-2026-2072
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor Analytics probe component, Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00...
CVE-2026-2072 Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor Analytics probe component, Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00...