| Title | Published | Views | Reporter |
|---|---|---|---|
| WordPress uDesign Theme Cross-Site Scripting Vulnerability | 18 Oct 2017 00:00 | – | cnvd |
| CVE-2015-7357 | 2 Oct 2017 19:00 | – | cve |
| CVE-2015-7357 | 2 Oct 2017 19:00 | – | cvelist |
| EUVD-2015-7281 | 7 Oct 2025 00:30 | – | euvd |
| CVE-2015-7357 | 3 Oct 2017 01:29 | – | nvd |
| Cross site scripting | 3 Oct 2017 01:29 | – | prion |
| uDesign Theme 1.8.0-2.7.9 - DOM Cross-Site Scripting (XSS) | 20 May 2015 00:00 | – | wpvulndb |

U-Design is a WordPress theme prone to a DOM XSS vulnerability.
Vendor URL:
http://themeforest.net/item/udesign-responsive-wordpress-theme/253220
Versions between 2.7.9 (updated 08.05.2015) and 2.3.0 (updated
04.02.2014), 40 releases in total, are vulnerable to DOM XSS, which can be
exploited by adding #<svg onload=alert(1)> to the end of the URL.
The vendor has already patched the vulnerability in higher versions, but
a lot of people and companies are still using vulnerable ones.
Dork: inurl:/wp-theme/u-design/
You can check the version from: /wp-content/themes/u-design/style.css
CVE Reference: CVE-2015-7357
Author: @K3n4nG
# 0day.today [2018-04-02] #
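
A defender-side version of the style.css check above, as an added example that is not part of the original advisory: it reads the theme header from a local copy of style.css on a site you administer and reports whether the version falls in the 2.3.0 to 2.7.9 range the advisory gives. The function names, result labels and sample header are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Affected range as stated in the advisory text (inclusive). The wpvulndb entry
# title on this page lists 1.8.0-2.7.9, so the lower bound is a parameter.
AFFECTED_MIN = (2, 3, 0)
AFFECTED_MAX = (2, 7, 9)


def theme_version(css_text):
    """Return the Version field from a WordPress theme header, or None."""
    # The theme header is the first /* ... */ comment in style.css.
    header = re.search(r"/\*(.*?)\*/", css_text, re.S)
    if not header:
        return None
    field = re.search(r"^[ \t*]*Version:[ \t]*([0-9]+(?:\.[0-9]+)*)",
                      header.group(1), re.M | re.I)
    return field.group(1) if field else None


def as_tuple(version, width=3):
    """'2.7' -> (2, 7, 0) so that short versions compare correctly."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def classify(css_text, low=AFFECTED_MIN, high=AFFECTED_MAX):
    """Return 'affected', 'outside-range' or 'unknown' for a style.css body."""
    version = theme_version(css_text)
    if version is None:
        return "unknown"  # header stripped or edited: verify the install by hand
    return "affected" if low <= as_tuple(version) <= high else "outside-range"


# Constructed sample header, not copied from the real theme.
SAMPLE = """/*
Theme Name: U-Design
Version: 2.7.9
*/
body { margin: 0; }
"""

if __name__ == "__main__":
    # Default path is relative to the WordPress root of your own install.
    path = Path(sys.argv[1] if len(sys.argv) > 1 else
                "wp-content/themes/u-design/style.css")
    text = path.read_text(errors="replace") if path.exists() else SAMPLE
    print(path, theme_version(text), classify(text))
```

An "unknown" result means the header could not be parsed, so the installed theme version still needs to be confirmed another way.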