CVE-2025-23483

Name of the Vulnerable Software and Affected Versions Niklas Olsson Universal Analytics Injector versions 1.0.3 and earlier

Description The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can perform actions on behalf of a user without their knowledge, potentially leading to malicious activities such as stealing user data or taking control of the user's session. The vulnerability is significant because it can be used to inject malicious scripts into a website, which can then be executed by users' browsers, leading to a range of potential attacks.

Recommendations For versions 1.0.3 and earlier, update to a version that fixes the CSRF vulnerability to prevent Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.