EUVD-2026-16383

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting XSS.This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...

DRUPAL-CONTRIB-2026-024

The Google Analytics GA4 module enables users to add custom attributes to the script tag used to load the Google Analytics library. The module does not sufficiently sanitize these attributes. This vulnerability is mitigated by the fact that an attacker must have a role with the "ga4 configure" or...

PT-2026-23112

Name of the Vulnerable Software and Affected Versions Drupal Google Analytics GA4 versions prior to 1.1.14 Description The Google Analytics GA4 module does not properly sanitize custom attributes added to the script tag used to load the Google Analytics library, leading to a Cross-Site Scripting...

CVE-2025-10702

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

CVE-2024-29094

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HasThemes HT Easy GA4 Google Analytics 4 allows Stored XSS.This issue affects HT Easy GA4 Google Analytics 4 : from n/a through 1.1.7...

PT-2024-22714

Name of the Vulnerable Software and Affected Versions HT Easy GA4 Google Analytics 4 versions 1.1.7 and earlier Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker...

CVE-2023-23802

Cross-Site Request Forgery CSRF vulnerability in HasThemes HT Easy GA4 Google Analytics 4 plugin = 1.0.6 versions...