Cross-Site Scripting Vulnerability in Duwasai Flashy Theme for WordPress
CVE-2015-0901

Currently unrated

Key Information:

Vendor: Wordpress
Status: Flashy
Vendor: CVE Published:; 31 March 2015

What is CVE-2015-0901?

The Duwasai Flashy theme for WordPress versions 1.3 and earlier contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web scripts or HTML. This exploit targets unspecified vectors, potentially compromising the integrity of affected websites by allowing malicious scripts to be executed in users' browsers.

References

https://wpvulndb.com/vulnerabilities/7872

x_refsource_MISC

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000044

third-party-advisoryx_refsource_JVNDB

http://jvn.jp/en/jp/JVN97281747/index.html

third-party-advisoryx_refsource_JVN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2015
Vulnerability Reserved
Jan 8, 2015

Wordpress

What is CVE-2015-0901?

References

Timeline