{ "id": "CVE-2015-7357", "sourceIdentifier": "cve@mitre.org", "published": "2017-10-03T01:29:00.687", "lastModified": "2017-10-11T15:37:03.293", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #." }, { "lang": "es", "value": "Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el tema uDesign (o U-Design) 2.3.0 en versiones anteriores a la 2.7.10 para WordPress que permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante un identificador de fragmento, tal y como se demuestra con #." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.3.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FC577F03-9888-4EE4-99F4-4CBF7BB91767" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.3.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9920323E-F800-49EF-9480-95BF8F9BF5D9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "737044BD-92FC-48FB-8E92-6D5061DA6A69" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9B29D06F-44AB-4D67-8103-1FF8798CCE45" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FD991DF4-8785-4406-82DC-BC9F79D30AEC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "432DAB5D-29D1-49A8-8570-62249912C716" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4A95C8EC-3D2B-46C0-88DC-167A7248A154" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "660D63B8-94BA-4215-BAD1-2284FA69F133" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "966B4C93-B6AB-48B5-923E-C1730CF81E29" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "15B1D858-DC4C-4111-BA4E-12D3B154AF85" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0514A546-CE9A-4593-9871-950C60ABE239" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BA236B25-7888-4532-986E-5789047FC312" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.10:*:*:*:*:wordpress:*:*", "matchCriteriaId": "EAE8398D-C29F-4468-A443-0B8F3E724AE2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.11:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7DF9E502-68DD-44EC-B521-F9CE365616D1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.12:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4845BE36-913A-4219-84A9-DF24C426130E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.13:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2CFA37DE-BE16-4755-B0BA-C50060319BFF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.14:*:*:*:*:wordpress:*:*", "matchCriteriaId": "27CC25D7-04D3-47C2-839C-FC784DCF1076" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.15:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8A8EC4A3-075E-4204-AF1E-207442F2572B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.16:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D51ECB72-2928-4AD4-9319-5AFE903C6341" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.17:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8A0B0B75-D333-4322-9E33-D6BA2D1096F7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.18:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E92BF32B-09AD-4AB0-A305-68679FAE696C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.4.19:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3E6146C9-243C-490A-A01C-04E216F3A84A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.5.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FFACA1B4-716B-4CF7-9172-73329C40E0A8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.5.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "127AD8A2-0881-462D-9643-2C55B766150E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.5.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F28D7C9B-10CA-41FA-A328-F3635A4A4E33" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.5.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4A52646F-B801-4C77-8E69-27676F108843" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.5.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D5B1B96F-708C-45D6-BB65-B1F21822F647" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.5.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "35BDBD76-6A3A-4DD2-B324-1802E30E05FD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.5.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8E543899-13CF-4310-8226-EFCDA36249CE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.6.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "148D5125-790B-4C60-BD3F-7E1BDAC83A02" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.7.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "AF819104-7848-4874-B401-6A1D27DFC8C6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.7.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "EED32893-CE91-418D-9AF7-08F443FF34DF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.7.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "1C133D02-A804-4EAC-9380-A5F436D0026A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.7.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7F302EFC-421E-4074-8DA7-5E5368D356B9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.7.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F8B0A587-D6B2-4278-A0EE-1A4C5396FDCD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.7.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A931B0A8-1176-4C97-9A4C-6B5DF0BD21AA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.7.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6AC8CE83-3FF0-4F55-A6FC-17BDDD2D24C6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.7.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "14B1E7FE-361B-45A1-A4B6-C69A9C127010" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.7.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5EBB5CD1-8813-479D-9F75-68AFFB444DFC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:udesign_project:udesign:2.7.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FE15436B-24B7-4025-B725-8222813FD937" } ] } ] } ], "references": [ { "url": "http://packetstormsecurity.com/files/133867/WordPress-U-Design-Theme-2.7.9-Cross-Site-Scripting.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://seclists.org/fulldisclosure/2015/Oct/25", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://themeforest.net/item/udesign-responsive-wordpress-theme/253220", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://wpvulndb.com/vulnerabilities/8177", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] } ] }