228 matches found
DRUPAL-CONTRIB-2025-011
This module enables you to integrate the site with the Google Tag Manager GTM application. The module doesn't have the "restrict access" flag on the "administer google\tag\container" permission. A user with this permission can load a GTM container that completely changes the page or inserts...
DRUPAL-CONTRIB-2025-008
This module enables you to add the Matomo web statistics tracking system to your website. The Matomo Analytics Tag Manager sub-module allows you to add one or more Matomo tag containers on your website. The module does not protect against Cross Site Request Forgeries on routes to enable or disabl...
Matomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008
This module enables you to add the Matomo web statistics tracking system to your website. The Matomo Analytics Tag Manager sub-module allows you to add one or more Matomo tag containers on your website. The module does not protect against Cross Site Request Forgeries on routes to enable or disabl...
Google Tag - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-012
This module enables you to integrate the site with the Google Tag Manager GTM application. The module doesn't sufficiently validate the enabling or disabling of a tag container. The routes involved are not protected against Cross Site Request Forgery CSRF. This vulnerability is mitigated by the...
CVE-2025-23537
Cross-Site Request Forgery CSRF vulnerability in קידום ובניית אתרים add custom google tag manager add-custom-google-tag-manager allows Stored XSS.This issue affects add custom google tag manager: from n/a through = 1.0.3...
CVE-2025-23537 WordPress add custom google tag manager plugin <= 1.0.3 - CSRF to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery CSRF vulnerability in Oren hahiashvili add custom google tag manager allows Stored XSS.This issue affects add custom google tag manager: from n/a through 1.0.3...
CVE-2025-23537
CVE-2025-23537 is a CSRF to Stored XSS vulnerability impacting the WordPress plugin “add custom google tag manager” (affected range: n/a through 1.0.3). The issue is documented with a CVSS v3.1 base score of 7.1 (High) and an attack vector of Network with UI interaction required. Red Hat and ENIS...
WordPress add custom google tag manager plugin <= 1.0.3 - CSRF to Stored Cross-Site Scripting vulnerability
CSRF to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin add custom google tag manager versions = 1.0.3...
WordPress plugin add custom google tag manager 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2025-4929 · Google · Google Tag Manager
Name of the Vulnerable Software and Affected Versions: Oren hahiashvili add custom google tag manager versions 1.0.3 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can execute malicious scripts on the victim's...
CVE-2024-13289 Cookiebot + GTM - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-055
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting XSS.This issue affects Cookiebot + GTM: from 0.0.0 before 1.0.18...
Drupal 安全漏洞
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Cookiebot + GTM prior to version 1.0.18, which stems from improper input neutralization during page generation, resulting in a cross-site scripting...
CVE-2023-51357 WordPress Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through = 6.5.0...
CVE-2023-51357 WordPress Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through = 6.5.0...
DRUPAL-CONTRIB-2024-064
This module integrates Tarte au citron JS library with Drupal and prevent services to be loaded without user consent. Administrators can enable and configure services which will be managed by Tarte au citron. When Google Tag Manager GTM service is enabled, an attacker can load a GTM container tha...
Tarte au Citron - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-064
This module integrates Tarte au citron JS library with Drupal and prevent services to be loaded without user consent. Administrators can enable and configure services which will be managed by Tarte au citron. When Google Tag Manager GTM service is enabled, an attacker can load a GTM container tha...
DRUPAL-CONTRIB-2024-055
This module makes it possible for you to integrate Cookiebot and Google Tag Manager in a fast and simple way. The module doesn't sufficiently filter for malicious script leading to a persistent cross site scripting XSS vulnerability...
Drupal Cookiebot + GTM module < 1.0.18 - Authenticated Cross Site Scripting (XSS) vulnerability
Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff in WordPress Module Cookiebot + GTM versions 1.0.18...
PT-2025-2104 · Unknown · Cookiebot + Gtm
Name of the Vulnerable Software and Affected Versions: Cookiebot + GTM versions 0.0.0 through 1.0.17 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting XSS. This allows an attacker to conduct Cross-Site Scripting...
Cookiebot + GTM - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-055
This module makes it possible for you to integrate Cookiebot and Google Tag Manager in a fast and simple way. The module doesn't sufficiently filter for malicious script leading to a persistent cross site scripting XSS vulnerability...