PT-2026-23407

Name of the Vulnerable Software and Affected Versions HumHub Calendar module versions prior to 1.8.11 Description The Calendar module for HumHub allows users to create and manage events. A stored cross-site scripting XSS issue exists in the Event Types functionality of the Calendar module for...

EUVD-2022-34455

Malicious code in bioql PyPI...

Malicious Package

Overview @sev-ui-verse/event-tracking is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious code in @sev-ui-verse/event-tracking (npm)

The package @sev-ui-verse/event-tracking was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 456d3a4ed1bb864eafcf6a65c30be392f9dc9ac1342ab0c1cd51cc463f11ff7f Any computer that has this package installed or running should be considere...

MAL-2025-7063 Malicious code in @amber-team/react-event-tracking (npm)

The package @amber-team/react-event-tracking was found to contain malicious code...

Malicious code in @amber-team/react-event-tracking (npm)

The package @amber-team/react-event-tracking was found to contain malicious code...

CVE-2022-2170

The Microsoft Advertising Universal Event Tracking UET WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Due to the nature of this...

CVE-2025-23254

creationtimestamp| type| source ---|---|--- 2025-05-01 14:15:17+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14282 2025-05-01 14:51:50+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114433137660446340 2025-05-01 16:30:45+00:00| seen|...

GHSA-FM9W-7M7V-WXQV

creationtimestamp| type| source ---|---|--- 2024-12-17 21:50:59+00:00| seen| https://infosec.exchange/users/cve/statuses/113670373972746279 2024-12-18 00:18:39+00:00| seen| https://t.me/cvedetector/13136...

CVE-2024-49410

creationtimestamp| type| source ---|---|--- 2024-12-03 05:52:03+00:00| seen| https://infosec.exchange/users/cve/statuses/113587330956993513 2024-12-03 05:55:38+00:00| seen| https://infosec.exchange/users/cve/statuses/113587345033487551 2024-12-03 08:08:27+00:00| seen| https://t.me/cvedetector/118...

CVE-2024-4947

creationtimestamp| type| source ---|---|--- 2024-05-16 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1290 2024-05-16 05:05:07+00:00| exploited| https://t.me/thehackernews/4962 2024-05-16 06:11:07+00:00| exploited| Telegram/VCH4ajzBNAEF6XD6JCyNg9BYmPbDigcGvveOx4A61gpys...

WordPress Goal Tracker - Custom Event Tracking for GA4 Plugin < 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Software Goal Tracker - Custom Event Tracking for GA4 Type Plugin Vulnerable versions 1.0.11 Fixed in 1.0.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e97011f95aa7 Credits Raf...

CVE-2022-2170

The Microsoft Advertising Universal Event Tracking UET WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Due to the nature of this...

Cross site scripting

The Microsoft Advertising Universal Event Tracking UET WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Due to the nature of this...

WordPress plugin Microsoft Advertising Universal Event Tracking (UET) 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage. Put the following...

Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage. PoC Put the followi...

Microsoft Windows and Windows Server Information Disclosure Vulnerability (CNVD-2021-71941)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An information disclosure vulnerability exists in "Event Tracking" in Microsoft Windows and Windows Server...

Microsoft Windows 信息泄露漏洞

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An information disclosure vulnerability exists in "Event Tracking" in Microsoft Windows and Windows Server...

Microsoft Windows 权限许可和访问控制问题漏洞

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in "Windows Event Tracking" in Microsoft...