CVE-2015-7357

{"id": "CVE-2015-7357", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-10-03T01:29:00.687", "references": [{"url": "http://packetstormsecurity.com/files/133867/WordPress-U-Design-Theme-2.7.9-Cross-Site-Scripting.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2015/Oct/25", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://themeforest.net/item/udesign-responsive-wordpress-theme/253220", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wpvulndb.com/vulnerabilities/8177", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>."}, {"lang": "es", "value": "Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el tema uDesign (o U-Design) 2.3.0 en versiones anteriores a la 2.7.10 para WordPress que permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante un identificador de fragmento, tal y como se demuestra con #."}], "lastModified": "2017-10-11T15:37:03.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:udesign_project:udesign:2.3.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FC577F03-9888-4EE4-99F4-4CBF7BB91767"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.3.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9920323E-F800-49EF-9480-95BF8F9BF5D9"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "737044BD-92FC-48FB-8E92-6D5061DA6A69"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9B29D06F-44AB-4D67-8103-1FF8798CCE45"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FD991DF4-8785-4406-82DC-BC9F79D30AEC"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "432DAB5D-29D1-49A8-8570-62249912C716"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4A95C8EC-3D2B-46C0-88DC-167A7248A154"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "660D63B8-94BA-4215-BAD1-2284FA69F133"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.6:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "966B4C93-B6AB-48B5-923E-C1730CF81E29"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.7:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "15B1D858-DC4C-4111-BA4E-12D3B154AF85"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.8:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0514A546-CE9A-4593-9871-950C60ABE239"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.9:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "BA236B25-7888-4532-986E-5789047FC312"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.10:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "EAE8398D-C29F-4468-A443-0B8F3E724AE2"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.11:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "7DF9E502-68DD-44EC-B521-F9CE365616D1"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.12:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4845BE36-913A-4219-84A9-DF24C426130E"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.13:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "2CFA37DE-BE16-4755-B0BA-C50060319BFF"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.14:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "27CC25D7-04D3-47C2-839C-FC784DCF1076"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.15:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "8A8EC4A3-075E-4204-AF1E-207442F2572B"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.16:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D51ECB72-2928-4AD4-9319-5AFE903C6341"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.17:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "8A0B0B75-D333-4322-9E33-D6BA2D1096F7"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.18:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E92BF32B-09AD-4AB0-A305-68679FAE696C"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.19:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "3E6146C9-243C-490A-A01C-04E216F3A84A"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.5.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FFACA1B4-716B-4CF7-9172-73329C40E0A8"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.5.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "127AD8A2-0881-462D-9643-2C55B766150E"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.5.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F28D7C9B-10CA-41FA-A328-F3635A4A4E33"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.5.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4A52646F-B801-4C77-8E69-27676F108843"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.5.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D5B1B96F-708C-45D6-BB65-B1F21822F647"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.5.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "35BDBD76-6A3A-4DD2-B324-1802E30E05FD"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.5.6:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "8E543899-13CF-4310-8226-EFCDA36249CE"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.6.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "148D5125-790B-4C60-BD3F-7E1BDAC83A02"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "AF819104-7848-4874-B401-6A1D27DFC8C6"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "EED32893-CE91-418D-9AF7-08F443FF34DF"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "1C133D02-A804-4EAC-9380-A5F436D0026A"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "7F302EFC-421E-4074-8DA7-5E5368D356B9"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F8B0A587-D6B2-4278-A0EE-1A4C5396FDCD"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A931B0A8-1176-4C97-9A4C-6B5DF0BD21AA"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.6:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "6AC8CE83-3FF0-4F55-A6FC-17BDDD2D24C6"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.7:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "14B1E7FE-361B-45A1-A4B6-C69A9C127010"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.8:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5EBB5CD1-8813-479D-9F75-68AFFB444DFC"}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.9:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FE15436B-24B7-4025-B725-8222813FD937"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}