CVE-2025-8362

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS).This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0.

PUBLISHED Reserved 2025-07-30 | Published 2025-08-15 | Updated 2025-08-15 | Assigner drupal

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Credits

Pierre Rudloff (prudloff) finder

Anatoly Politsin (apolitsin) remediation developer

Pierre Rudloff (prudloff) remediation developer

Ivo Van Geertruyen (mr.baileys) coordinator

Juraj Nemec (poker10) coordinator

Jess (xjm) coordinator

References

www.drupal.org/sa-contrib-2025-094

cve.org (CVE-2025-8362)

nvd.nist.gov (CVE-2025-8362)

Download JSON