VDB
CVE-2015-3429
CVE-2015-3429
REJECTED
Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.
EPSS 1.53% · 81.7th percentile
Risk Scores
EPSS Score
1.53%
81.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | wordpress | 4.3+dfsg-1, 4.3.1+dfsg-1, 4.4+dfsg-1 |
Exploit Intelligence
- https://wpvulndb.com/vulnerabilities/7965 (circl)
- 20150507 Wordpress Twenty Fifteen Theme - DOM XSS Vulnerability - CVE-2015-3429 (circl)
- DSA-3328 (circl)
- FEDORA-2015-6790 (circl)
- https://github.com/Automattic/Genericons/commit/798ac98579dd72dfdb11bdee3e7bebf01cffb1f7 (circl)
- https://wordpress.org/news/2015/05/wordpress-4-2-2/ (circl)
- 74534 (circl)
- FEDORA-2015-6808 (circl)
- http://packetstormsecurity.com/files/131802/WordPress-Twenty-Fifteen-4.2.1-Cross-Site-Scripting.html (circl)
- http://seclists.org/fulldisclosure/2015/May/41 (vulncheck-nvd)
…and 2 more exploits
Timeline
- Jun 17, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Dec 21, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-3429 third-party-advisory
- https://wordpress.org/news/2015/05/wordpress-4-2-2/ third-party-advisory
- https://www.netsparker.com/cve-2015-3429-dom-xss-vulnerability-in-twenty-fifteen-wordpress-theme/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-3429 third-party-advisory