https://cxsecurity.com/issue/WLB-2015100051
WordPress U-Design Theme 2.7.9 Cross Site Scripting
| 漏洞ID | 1041193 | 漏洞类型 | |
| 发布时间 | 2015-10-07 | 更新时间 | 2015-10-07 |
 CVE编号
|
N/A |  CNNVD-ID
|
N/A |
| 漏洞平台 | N/A | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
u-desing is a wordpress theme prone to DOM XSS vulnerability.
Vendor url:
http://themeforest.net/item/udesign-responsive-wordpress-theme/253220
versions between 2.7.9 ? (Updated: 08.05.2015) and 2.3.0 ? (Updated:
04.02.2014 - there are 40 of them) are vulnerable to DOM XSS which can be
exploited by adding #<svg onload=alert(1)> to the end of the url.
Vendor already patched the vulnerability on higher versions, but there are
still a lot of people/companies are using vulnerable ones.
Dork: inurl:/wp-theme/u-design/
You can check the version from: /wp-content/themes/u-design/style.css
CVE Reference: CVE-2015-7357
Author: @K3n4nG
检索漏洞
开始时间
结束时间