43 matches found
Jetpack <= 3.5.2 - Unauthenticated DOM Cross-Site Scripting (XSS)
Genericons = 3.2 vulnerable to DOM XSS in the example.html file due to using outdated version of jQuery and vulnerable code. Vulnerable Code: permalink = "genericon-" + window.location.hash.split''1; cssclass = jQuery '.' + permalink .attr'class'; PoC...
Twenty Fifteen Theme <= 1.1 - DOM Cross-Site Scripting (XSS)
Genericons = 3.2 vulnerable to DOM XSS in the example.html file due to using outdated version of jQuery and vulnerable code. Vulnerable Code: permalink = "genericon-" + window.location.hash.split''1; cssclass = jQuery '.' + permalink .attr'class'; PoC...
WordPress Genericons Plugin <= 4.2.1 - XSS
This vulnerability is in example.html and allows an attacker to inject arbitrary web script or HTML via a fragment identifier. Solution Update the plugin...