Описание
The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
EPSS
4.8 Medium
CVSS3
Дефекты
Связанные уязвимости
The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.
Уязвимость плагина Microsoft Advertising Universal Event Tracking (UET) системы управления содержимым сайта WordPress, позволяющая нарушителю осуществлять межсайтовые сценарные атаки
EPSS
4.8 Medium
CVSS3