145 matches found
CVE-2026-53608
ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager directly into tag bodies using JavaScript template...
CVE-2026-53608 @apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag
ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager directly into tag bodies using JavaScript template...
CVE-2026-53608
ApostropheCMS (open-source Node.js) vulnerability CVE-2026-53608 affects the @apostrophecms/seo package up to 1.4.2, where seoGoogleTrackingId and seoGoogleTagManager are injected into [removed] bodies via template literals without sanitization. With editor-level access, an attacker can set these...
PT-2026-49005
Name of the Vulnerable Software and Affected Versions @apostrophecms/seo versions prior to 1.4.3 Description Stored Cross-Site Scripting XSS occurs when the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager direct...
New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification
Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise. Specific...
CVE-2025-23537
Cross-Site Request Forgery CSRF vulnerability in קידום ובניית אתרים add custom google tag manager add-custom-google-tag-manager allows Stored XSS.This issue affects add custom google tag manager: from n/a through = 1.0.3...
Malicious Package
Overview frontend-google-tag-manager is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in frontend-google-tag-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4f6a0228c6c8a63f058b39d72aa7f23d1f92b03e46a8f5dff1b1f856bbb6306 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-33611
Malicious code in frontend-google-tag-manager npm...
EUVD-2024-16970
Malicious code in bioql PyPI...
EUVD-2025-25042
Malicious code in bioql PyPI...
EUVD-2024-54496
Malicious code in bioql PyPI...
EUVD-2025-3237
Malicious code in bioql PyPI...
EUVD-2023-26822
Malicious code in bioql PyPI...
EUVD-2023-41364
Malicious code in bioql PyPI...
EUVD-2023-50355
Malicious code in bioql PyPI...
EUVD-2022-25229
Malicious code in bioql PyPI...
CVE-2025-8362
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting XSS.This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0...
CVE-2025-8362
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting XSS.This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0...
CVE-2025-8362
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting XSS.This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0...