CVE-2015-3429 — Cross-site Scripting in Wordpress

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

1.5%

top 18.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress Automattic Genericons +1 more

Timeline

PublishedJun 17

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 4.2.2+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 4.2.2+dfsg-1+3

▶NVDautomattic/genericons3.3

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-44qg-j3rp-67rc: Cross-site scripting (XSS) vulnerability in example↗2022-05-14

▶

OSV

CVE-2015-3429: Cross-site scripting (XSS) vulnerability in example↗2015-06-17

▶

📋Vendor Advisories

Debian

CVE-2015-3429: wordpress - Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3....↗2015

▶

💬Community

Bugzilla

CVE-2015-3429 wordpress: two cross-site scripting flaws fixed in 4.2.2↗2015-05-07

▶