CVE-2015-3429 – Twenty Fifteen Theme <= 1.1 & WordPress Core < 4.2.2 - Cross-Site Scripting via example.html

https://notcve.org/view.php?id=CVE-2015-3429

08 Apr 2015 — Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier. Vulnerabilidad de XSS en example.html en Genericons anterior a 3.3.1, utilizado en WordPress anterior a 4.2.2, permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de un identificador de fragmentos. The security update for wordpress in DSA 3328 contained a regres... • https://packetstorm.news/files/id/131802 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •