CVE-2022-2170 - Vulnerability Details - OpenCVE

The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00583.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Microsoft Advertising Universal Event Tracking

Configuration 1 [-]

cpe:2.3:a:microsoft:microsoft_advertising_universal_event_tracking:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-34455	The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-08-01T12:49:17

Updated: 2024-08-03T00:32:08.642Z

Reserved: 2022-06-22T00:00:00

Link: CVE-2022-2170

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-01T13:15:10.457

Modified: 2024-11-21T07:00:28.137

Link: CVE-2022-2170

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Microsoft Advertising Universal Event Tracking (UET)", "vendor": "Unknown", "versions": [{"lessThan": "1.0.4", "status": "affected", "version": "1.0.4", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Chowdhury Faizal Ahammed"}], "descriptions": [{"lang": "en", "value": "The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-01T12:49:17", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed"}], "source": {"discovery": "EXTERNAL"}, "title": "Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-2170", "STATE": "PUBLIC", "TITLE": "Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Microsoft Advertising Universal Event Tracking (UET)", "version": {"version_data": [{"version_affected": "<", "version_name": "1.0.4", "version_value": "1.0.4"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Chowdhury Faizal Ahammed"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:32:08.642Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-2170", "datePublished": "2022-08-01T12:49:17", "dateReserved": "2022-06-22T00:00:00", "dateUpdated": "2024-08-03T00:32:08.642Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:microsoft_advertising_universal_event_tracking:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "81348578-3D41-4BE0-80F0-A974F54CF4BE", "versionEndExcluding": "1.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage."}, {"lang": "es", "value": "El plugin Microsoft Advertising Universal Event Tracking (UET) de WordPress versiones anteriores a 1.0.4, no sanea ni escapa de sus configuraciones, lo que permite a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la capacidad unfiltered_html no est\u00e1 permitida. debido a una naturaleza de este plugin, un ataque de tipo XSS bien dise\u00f1ado tambi\u00e9n puede filtrarse a la p\u00e1gina principal"}], "id": "CVE-2022-2170", "lastModified": "2024-11-21T07:00:28.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-01T13:15:10.457", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Secondary"}]}