9 matches found
CVE-2022-2170
The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this...
CVE-2022-2170 Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting
The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this...
CVE-2022-2170
CVE-2022-2170 affects the WordPress Microsoft Advertising Universal Event Tracking (UET) plugin prior to 1.0.4. The root cause is insufficient sanitisation/escaping of plugin settings, enabling stored XSS by high-privilege users (e.g., admins) and potentially leaking content to the front page. Re...
Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage. PoC Put the followi...
WordPress Microsoft Advertising Universal Event Tracking (UET) plugin <= 1.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Chowdhury Faizal Ahammed in WordPress Microsoft Advertising Universal Event Tracking (UET) plugin versions <= 1.0.3. Solution Update the WordPress Microsoft Advertising Universal Event Tracking (UET) plugin to the latest availab...
PT-2022-4952 · Microsoft · Advertising Universal Event Tracking (Uet) Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Microsoft Advertising Universal Event Tracking (UET) WordPress plugin versions prior to 1.0.4 Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks, even when the unfiltered_html capability ...
New transferFlaw Bug Used For Possible Scam Token Listed In A Top Exchange (CVE-2018-10468)
Our automated scanning system at PeckShield discovered a new vulnerability named transferFlaw (CVE-2018-10468). This particular vulnerability affects a publicly traded ERC20 token listed in a top exchange. Different from batchOverflow [1] and proxyOverflow [2] we identified before, this vulnerability...
CVE-2018-10468
The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild...
CVE-2018-10468
CVE-2018-10468 affects the Useless Ethereum Token (UET) ERC20 contract. The transferFrom function mishandles calculations involving _value, enabling an attacker to steal funds (e.g., drain victims’ balances). Exploitation has been observed in the wild since 2017-12. Related tokens (e.g., DimonCoi...