CVE-2015-3429
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.9%
Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| automattic:genericons | automattic genericons | le | 3.3 |
References
lists.fedoraproject.org/pipermail/package-announce/2015-May/158271.html
lists.fedoraproject.org/pipermail/package-announce/2015-May/158278.html
packetstormsecurity.com/files/131802/WordPress-Twenty-Fifteen-4.2.1-Cross-Site-Scripting.html
seclists.org/fulldisclosure/2015/May/41
www.debian.org/security/2015/dsa-3328
www.securityfocus.com/archive/1/535486/100/1000/threaded
www.securityfocus.com/bid/74534
github.com/Automattic/Genericons/commit/798ac98579dd72dfdb11bdee3e7bebf01cffb1f7
wordpress.org/news/2015/05/wordpress-4-2-2/
wpvulndb.com/vulnerabilities/7965
www.digitalocean.com/community/tutorials/how-to-protect-your-wordpress-site-from-the-genericons-example-html-xss-vulnerability
www.netsparker.com/cve-2015-3429-dom-xss-vulnerability-in-twenty-fifteen-wordpress-theme/
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.9%