Full Disclosure mailing list archives
u-design wordpress theme DOM XSS
From: Kenan Gms <gmskenan () gmail com>
Date: Mon, 5 Oct 2015 12:03:04 +0300
u-desing is a wordpress theme prone to DOM XSS vulnerability. Vendor url: http://themeforest.net/item/udesign-responsive-wordpress-theme/253220 versions between 2.7.9 – (Updated: 08.05.2015) and 2.3.0 – (Updated: 04.02.2014 - there are 40 of them) are vulnerable to DOM XSS which can be exploited by adding #<svg onload=alert(1)> to the end of the url. Vendor already patched the vulnerability on higher versions, but there are still a lot of people/companies are using vulnerable ones. Dork: inurl:/wp-theme/u-design/ You can check the version from: /wp-content/themes/u-design/style.css CVE Reference: CVE-2015-7357 Author: @K3n4nG _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- u-design wordpress theme DOM XSS Kenan Gms (Oct 05)