Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting (XSS).This issue affects Google Analytics

Description

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting (XSS).This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14.

Affected Products

Vendor	Product	Versions
Drupal	Google Analytics GA4	1.1.13

References

https://www.drupal.org/sa-contrib-2026-024

Related News (1 articles)

Tier C

VulDB2h ago

CVE-2026-3529 | Google Analytics GA4 up to 1.1.13 on Drupal cross site scripting (sa-contrib-2026-024)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

CWECWE-79

Published3/26/2026

Last enriched20m agov2

Trending Score20

Source articles1

Independent1

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Version History

Last enriched 20m ago

v2Tier C20m ago

Updated vendor to Drupal, product to Google Analytics GA4, affected versions to 1.1.13, severity to HIGH, and patch available to version 1.1.14.

vendorproductaffectedVersionspatchAvailable

via VulDB

v11h ago

Initial creation