| Vulnerability Name: | CVE-2015-3429 (CCN-103107) | ||||||||||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2015-05-07 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Published: | 2015-05-07 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Updated: | 2018-10-09 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier. | ||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2015-3429 Source: FEDORA Type: UNKNOWN FEDORA-2015-6808 Source: FEDORA Type: UNKNOWN FEDORA-2015-6790 Source: MISC Type: UNKNOWN http://packetstormsecurity.com/files/131802/WordPress-Twenty-Fifteen-4.2.1-Cross-Site-Scripting.html Source: CCN Type: BugTraq Mailing List, Thu, 7 May 2015 13:58:02 +0300 Wordpress Twenty Fifteen Theme - DOM XSS Vulnerability - CVE-2015-3429 Source: FULLDISC Type: Exploit 20150509 Wordpress Twenty Fifteen Theme - DOM XSS Vulnerability - CVE-2015-3429 Source: DEBIAN Type: UNKNOWN DSA-3328 Source: BUGTRAQ Type: UNKNOWN 20150507 Wordpress Twenty Fifteen Theme - DOM XSS Vulnerability - CVE-2015-3429 Source: BID Type: UNKNOWN 74534 Source: CCN Type: BID-74534 WordPress CVE-2015-3429 Cross Site Scripting Vulnerability Source: XF Type: UNKNOWN wp-cve20153429-xss(103107) Source: CONFIRM Type: UNKNOWN https://github.com/Automattic/Genericons/commit/798ac98579dd72dfdb11bdee3e7bebf01cffb1f7 Source: CCN Type: Packet Storm Security [05-07-2015] WordPress Twenty Fifteen 4.2.1 Cross Site Scripting Source: CONFIRM Type: UNKNOWN https://wordpress.org/news/2015/05/wordpress-4-2-2/ Source: CCN Type: WordPress Theme Directory Twenty Fifteen Source: MISC Type: UNKNOWN https://wpvulndb.com/vulnerabilities/7965 Source: MISC Type: Exploit https://www.digitalocean.com/community/tutorials/how-to-protect-your-wordpress-site-from-the-genericons-example-html-xss-vulnerability Source: MISC Type: Exploit https://www.netsparker.com/cve-2015-3429-dom-xss-vulnerability-in-twenty-fifteen-wordpress-theme/ Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-3429 | ||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||||||||||