Cross-Site Scripting Vulnerability in U-Design Theme for WordPress
CVE-2015-7357

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Udesign
Vendor
CVE Published:
3 October 2017

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the U-Design WordPress theme versions prior to 2.7.10, which allows remote attackers to inject arbitrary web scripts or HTML via a fragment identifier. This can potentially lead to malicious actions such as stealing session cookies or redirecting users to harmful sites.

References

http://packetstormsecurity.com/files/133867/WordPress-U-D...
x_refsource_MISC
http://seclists.org/fulldisclosure/2015/Oct/25
mailing-listx_refsource_FULLDISC
http://themeforest.net/item/udesign-responsive-wordpress-...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.