+ "details": "This module enables you to integrate Google Tag Manager (GTM) into your Drupal site by allowing administrators to configure and embed GTM container snippets.\n\nThe module doesn't sufficiently sanitize the GTM container ID under the scenario where a user with the *Administer gtm* permission enters malicious input into the *GTM-ID* field. This value is directly inserted into a `<script>` tag, making the site vulnerable to Cross-site Scripting (XSS) attacks.\n\nThis vulnerability is mitigated by the fact that an attacker must have a role with the permission *Administer gtm*, and the input field is limited to 20 characters.",
0 commit comments