CVE-2015-3429 – Twenty Fifteen Theme <= 1.1 & WordPress Core < 4.2.2 - Cross-Site Scripting via example.html

https://notcve.org/view.php?id=CVE-2015-3429

Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier. Vulnerabilidad de XSS en example.html en Genericons anterior a 3.3.1, utilizado en WordPress anterior a 4.2.2, permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de un identificador de fragmentos. WordPress Twenty Fifteen theme version 4.2.1 suffers from a cross site scripting vulnerability. • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158271.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158278.html http://packetstormsecurity.com/files/131802/WordPress-Twenty-Fifteen-4.2.1-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/May/41 http://www.debian.org/security/2015/dsa-3328 http://www.securityfocus.com/archive/1/535486/100/1000/threaded http://www.securityfocus.com/bid/74534 https://github.com/Automattic/Genericons/comm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •