Lucene search
K

228 matches found

OSV
OSV
added 2025/01/29 5:13 p.m.9 views

DRUPAL-CONTRIB-2025-011

This module enables you to integrate the site with the Google Tag Manager GTM application. The module doesn't have the "restrict access" flag on the "administer google\tag\container" permission. A user with this permission can load a GTM container that completely changes the page or inserts...

4.8CVSS6.1AI score0.00218EPSS
Exploits0References1
OSV
OSV
added 2025/01/29 8:51 a.m.5 views

DRUPAL-CONTRIB-2025-008

This module enables you to add the Matomo web statistics tracking system to your website. The Matomo Analytics Tag Manager sub-module allows you to add one or more Matomo tag containers on your website. The module does not protect against Cross Site Request Forgeries on routes to enable or disabl...

6.8CVSS6.8AI score0.00167EPSS
Exploits0References1
Drupal
Drupal
added 2025/01/29 12:0 a.m.35 views

Matomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008

This module enables you to add the Matomo web statistics tracking system to your website. The Matomo Analytics Tag Manager sub-module allows you to add one or more Matomo tag containers on your website. The module does not protect against Cross Site Request Forgeries on routes to enable or disabl...

6.8CVSS6.9AI score0.00167EPSS
Exploits0References4
Drupal
Drupal
added 2025/01/29 12:0 a.m.19 views

Google Tag - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-012

This module enables you to integrate the site with the Google Tag Manager GTM application. The module doesn't sufficiently validate the enabling or disabling of a tag container. The routes involved are not protected against Cross Site Request Forgery CSRF. This vulnerability is mitigated by the...

6.8CVSS6.9AI score0.00167EPSS
Exploits0References9
NVD
NVD
added 2025/01/16 8:15 p.m.7 views

CVE-2025-23537

Cross-Site Request Forgery CSRF vulnerability in קידום ובניית אתרים add custom google tag manager add-custom-google-tag-manager allows Stored XSS.This issue affects add custom google tag manager: from n/a through = 1.0.3...

7.1CVSS0.00195EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/16 8:6 p.m.5 views

CVE-2025-23537 WordPress add custom google tag manager plugin <= 1.0.3 - CSRF to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery CSRF vulnerability in Oren hahiashvili add custom google tag manager allows Stored XSS.This issue affects add custom google tag manager: from n/a through 1.0.3...

7.1CVSS6.8AI score0.00195EPSS
Exploits0References1
CVE
CVE
added 2025/01/16 8:6 p.m.44 views

CVE-2025-23537

CVE-2025-23537 is a CSRF to Stored XSS vulnerability impacting the WordPress plugin “add custom google tag manager” (affected range: n/a through 1.0.3). The issue is documented with a CVSS v3.1 base score of 7.1 (High) and an attack vector of Network with UI interaction required. Red Hat and ENIS...

7.1CVSS7.2AI score0.00195EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/01/16 6:41 p.m.6 views

WordPress add custom google tag manager plugin <= 1.0.3 - CSRF to Stored Cross-Site Scripting vulnerability

CSRF to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin add custom google tag manager versions = 1.0.3...

7.1CVSS5.8AI score0.00195EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/01/16 12:0 a.m.4 views

WordPress plugin add custom google tag manager 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

7.1CVSS8.2AI score0.00195EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/16 12:0 a.m.8 views

PT-2025-4929 · Google · Google Tag Manager

Name of the Vulnerable Software and Affected Versions: Oren hahiashvili add custom google tag manager versions 1.0.3 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can execute malicious scripts on the victim's...

7.1CVSS9.3AI score0.00195EPSS
Exploits0References3
OSV
OSV
added 2025/01/09 8:15 p.m.3 views

CVE-2024-13289 Cookiebot + GTM - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-055

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting XSS.This issue affects Cookiebot + GTM: from 0.0.0 before 1.0.18...

5.4CVSS6.1AI score0.00271EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.5 views

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Cookiebot + GTM prior to version 1.0.18, which stems from improper input neutralization during page generation, resulting in a cross-site scripting...

5.4CVSS6.1AI score0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/09 11:29 a.m.11 views

CVE-2023-51357 WordPress Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through = 6.5.0...

5.3CVSS8.5AI score0.00485EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/09 11:29 a.m.36 views

CVE-2023-51357 WordPress Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through = 6.5.0...

5.3CVSS0.00485EPSS
Exploits0References1
OSV
OSV
added 2024/11/27 4:41 p.m.7 views

DRUPAL-CONTRIB-2024-064

This module integrates Tarte au citron JS library with Drupal and prevent services to be loaded without user consent. Administrators can enable and configure services which will be managed by Tarte au citron. When Google Tag Manager GTM service is enabled, an attacker can load a GTM container tha...

4.8CVSS6.7AI score0.00228EPSS
Exploits0References1
Drupal
Drupal
added 2024/11/27 12:0 a.m.14 views

Tarte au Citron - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-064

This module integrates Tarte au citron JS library with Drupal and prevent services to be loaded without user consent. Administrators can enable and configure services which will be managed by Tarte au citron. When Google Tag Manager GTM service is enabled, an attacker can load a GTM container tha...

4.8CVSS6.9AI score0.00228EPSS
Exploits0References7
OSV
OSV
added 2024/10/30 5:7 p.m.6 views

DRUPAL-CONTRIB-2024-055

This module makes it possible for you to integrate Cookiebot and Google Tag Manager in a fast and simple way. The module doesn't sufficiently filter for malicious script leading to a persistent cross site scripting XSS vulnerability...

5.4CVSS5.7AI score0.00271EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/10/30 12:0 a.m.5 views

Drupal Cookiebot + GTM module < 1.0.18 - Authenticated Cross Site Scripting (XSS) vulnerability

Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff in WordPress Module Cookiebot + GTM versions 1.0.18...

5.4CVSS6.1AI score0.00271EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.6 views

PT-2025-2104 · Unknown · Cookiebot + Gtm

Name of the Vulnerable Software and Affected Versions: Cookiebot + GTM versions 0.0.0 through 1.0.17 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting XSS. This allows an attacker to conduct Cross-Site Scripting...

5.5CVSS6.6AI score0.00271EPSS
Exploits0References5
Drupal
Drupal
added 2024/10/30 12:0 a.m.11 views

Cookiebot + GTM - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-055

This module makes it possible for you to integrate Cookiebot and Google Tag Manager in a fast and simple way. The module doesn't sufficiently filter for malicious script leading to a persistent cross site scripting XSS vulnerability...

5.4CVSS5.9AI score0.00271EPSS
Exploits0References7
Rows per page
Query Builder