CVE-2022-2170 - Vulnerability Details - OpenCVE

Description

The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.

Published: 2022-08-01

Score: 4.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Unknown

Microsoft Advertising Universal Event Tracking (UET)

affected

Version	Status	Constraints
`1.0.4`	affected	< 1.0.4

Configuration 1 [-]

cpe:2.3:a:microsoft:microsoft_advertising_universal_event_tracking:*:*:*:*:*:wordpress:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-34455	The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00614.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed

History

No history.

Subscriptions

Microsoft Microsoft Advertising Universal Event Tracking

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-08-01T12:49:17.000Z

Updated: 2024-08-03T00:32:08.642Z

Reserved: 2022-06-22T00:00:00.000Z

Link: CVE-2022-2170

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-01T13:15:10.457

Modified: 2024-11-21T07:00:28.137

Link: CVE-2022-2170

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

{"containers": {"cna": {"affected": [{"product": "Microsoft Advertising Universal Event Tracking (UET)", "vendor": "Unknown", "versions": [{"lessThan": "1.0.4", "status": "affected", "version": "1.0.4", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Chowdhury Faizal Ahammed"}], "descriptions": [{"lang": "en", "value": "The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-01T12:49:17.000Z", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed"}], "source": {"discovery": "EXTERNAL"}, "title": "Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-2170", "STATE": "PUBLIC", "TITLE": "Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Microsoft Advertising Universal Event Tracking (UET)", "version": {"version_data": [{"version_affected": "<", "version_name": "1.0.4", "version_value": "1.0.4"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Chowdhury Faizal Ahammed"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:32:08.642Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-2170", "datePublished": "2022-08-01T12:49:17.000Z", "dateReserved": "2022-06-22T00:00:00.000Z", "dateUpdated": "2024-08-03T00:32:08.642Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:microsoft_advertising_universal_event_tracking:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "81348578-3D41-4BE0-80F0-A974F54CF4BE", "versionEndExcluding": "1.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage."}, {"lang": "es", "value": "El plugin Microsoft Advertising Universal Event Tracking (UET) de WordPress versiones anteriores a 1.0.4, no sanea ni escapa de sus configuraciones, lo que permite a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la capacidad unfiltered_html no est\u00e1 permitida. debido a una naturaleza de este plugin, un ataque de tipo XSS bien dise\u00f1ado tambi\u00e9n puede filtrarse a la p\u00e1gina principal"}], "id": "CVE-2022-2170", "lastModified": "2024-11-21T07:00:28.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-01T13:15:10.457", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Secondary"}]}