Lucene search
K

228 matches found

NVD
NVD
added 2025/08/15 5:15 p.m.7 views

CVE-2025-8362

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting XSS.This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0...

6.1CVSS0.00217EPSS
Exploits0References1
OSV
OSV
added 2025/08/15 5:15 p.m.5 views

CVE-2025-8362

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting XSS.This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0...

6.1CVSS5.8AI score0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/15 4:27 p.m.9 views

CVE-2025-8362 GoogleTag Manager - Moderately critical - Cross-site scripting - SA-CONTRIB-2025-094

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting XSS.This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0...

0.00217EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/15 4:27 p.m.5 views

CVE-2025-8362 GoogleTag Manager - Moderately critical - Cross-site scripting - SA-CONTRIB-2025-094

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting XSS.This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0...

6.1AI score0.00217EPSS
Exploits0References1
CVE
CVE
added 2025/08/15 4:27 p.m.23 views

CVE-2025-8362

The CVE-2025-8362 issue affects the Drupal GoogleTag Manager module, specifically versions 0.0.0 through 1.9.9. It is caused by improper neutralization of input during web page generation, leading to Cross‑Site Scripting (XSS). The vulnerability’s practical impact is the potential execution of ma...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/15 12:0 a.m.7 views

PT-2025-33499 · Drupal · Drupal Googletag Manager

Name of the Vulnerable Software and Affected Versions: Drupal GoogleTag Manager versions 0.0.0 through 1.9.9 Description: Improper neutralization of input during web page generation allows for Cross-Site Scripting XSS. Recommendations: Update Drupal GoogleTag Manager to version 1.10.0 or later...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/15 12:0 a.m.5 views

Drupal GoogleTag Manager 安全漏洞

Drupal GoogleTag Manager is an administrative plugin for the Drupal community. A security vulnerability exists in Drupal GoogleTag Manager versions prior to 1.10.0 that stems from improper input neutralization and could lead to a cross-site scripting attack...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References2
OSV
OSV
added 2025/07/30 4:31 p.m.7 views

DRUPAL-CONTRIB-2025-094

This module enables you to integrate Google Tag Manager GTM into your Drupal site by allowing administrators to configure and embed GTM container snippets. The module doesn't sufficiently sanitize the GTM container ID under the scenario where a user with the Administer gtm permission enters...

6.1CVSS6AI score0.00217EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/07/30 12:0 a.m.9 views

Drupal GoogleTag Manager module < 1.10.0 - Authenticated Cross Site Scripting (XSS) vulnerability

Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module GoogleTag Manager versions 1.10.0...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References1Affected Software1
Drupal
Drupal
added 2025/07/30 12:0 a.m.17 views

GoogleTag Manager - Moderately critical - Cross-site scripting - SA-CONTRIB-2025-094

This module enables you to integrate Google Tag Manager GTM into your Drupal site by allowing administrators to configure and embed GTM container snippets. The module doesn't sufficiently sanitize the GTM container ID under the scenario where a user with the Administer gtm permission enters...

6.1CVSS6.8AI score0.00217EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:46 a.m.10 views

CVE-2023-22693

Cross-Site Request Forgery CSRF vulnerability in conlabzgmbh WP Google Tag Manager plugin = 1.1 versions...

8.8CVSS7AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:4 a.m.11 views

CVE-2023-37467

Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the beta and tests-passed branches, a CSP Content Security Policy nonce reuse vulnerability was discovered could allow cross-site scripting XSS attacks to bypass CSP protection for anonymous i.e. unauthenticated user...

6.8CVSS5.4AI score0.00316EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:39 a.m.10 views

CVE-2023-23801

Cross-Site Request Forgery CSRF vulnerability in HasThemes Really Simple Google Tag Manager plugin = 1.0.6 versions...

8.8CVSS6.9AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:7 a.m.10 views

CVE-2023-46094

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin = 6.5.3 versions...

7.1CVSS5.9AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:11 a.m.7 views

CVE-2022-1707

The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to an including 1.15. The affected file is /public/frontend.ph...

6.1CVSS6.2AI score0.90154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 p.m.4 views

CVE-2022-1961

The Google Tag Manager for WordPress GTM4WP plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the gtm4wp-optionsscroller-contentid parameter found in the /public/frontend.php file which allowed attackers with administrative user access to inject arbitrary web...

5.5CVSS6AI score0.01071EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/19 9:0 a.m.6 views

Malicious code in vtex.google-tag-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec8647ff7002efd9bfbcca725dbe03a4ef6644b991ada2bcfb6807480fb8eb4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/05/19 9:0 a.m.10 views

MAL-2025-4034 Malicious code in vtex.google-tag-manager (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec8647ff7002efd9bfbcca725dbe03a4ef6644b991ada2bcfb6807480fb8eb4a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/05 12:26 a.m.14 views

CVE-2024-47215

An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS preview header to events, causing them to be retried indefinitely. As a result, the performance of forwarding events to GTM SS overall can be affected latency,...

7.5CVSS7.1AI score0.00393EPSS
Exploits0References1
OSV
OSV
added 2025/04/03 9:15 p.m.3 views

CVE-2024-47215

An issue was discovered in Snowbridge setups sending data to Google Tag Manager Server Side. It involves attaching an invalid GTM SS preview header to events, causing them to be retried indefinitely. As a result, the performance of forwarding events to GTM SS overall can be affected latency,...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References1
Rows per page
Query Builder