ByteOS Network

NVD Vulnerability Details :

CVE-2015-3429

Modified

Source-cve@mitre.org

Published At-17 Jun, 2015 | 18:59

Updated At-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

Automattic Inc.

>>genericons>>Versions up to 3.3(inclusive)

cpe:2.3:a:automattic:genericons:*:*:*:*:*:*:*:*

WordPress.org

>>wordpress>>Versions up to 4.2.1(inclusive)

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>8.0

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158271.html	cve@mitre.org	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158278.html	cve@mitre.org	N/A
http://packetstormsecurity.com/files/131802/WordPress-Twenty-Fifteen-4.2.1-Cross-Site-Scripting.html	cve@mitre.org	N/A
http://seclists.org/fulldisclosure/2015/May/41	cve@mitre.org	Exploit
http://www.debian.org/security/2015/dsa-3328	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/535486/100/1000/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/74534	cve@mitre.org	N/A
https://github.com/Automattic/Genericons/commit/798ac98579dd72dfdb11bdee3e7bebf01cffb1f7	cve@mitre.org	N/A
https://wordpress.org/news/2015/05/wordpress-4-2-2/	cve@mitre.org	N/A
https://wpvulndb.com/vulnerabilities/7965	cve@mitre.org	N/A
https://www.digitalocean.com/community/tutorials/how-to-protect-your-wordpress-site-from-the-genericons-example-html-xss-vulnerability	cve@mitre.org	Exploit
https://www.netsparker.com/cve-2015-3429-dom-xss-vulnerability-in-twenty-fifteen-wordpress-theme/	cve@mitre.org	Exploit
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158271.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158278.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://packetstormsecurity.com/files/131802/WordPress-Twenty-Fifteen-4.2.1-Cross-Site-Scripting.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://seclists.org/fulldisclosure/2015/May/41	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.debian.org/security/2015/dsa-3328	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/535486/100/1000/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/74534	af854a3a-2127-422b-91ae-364da2661108	N/A
https://github.com/Automattic/Genericons/commit/798ac98579dd72dfdb11bdee3e7bebf01cffb1f7	af854a3a-2127-422b-91ae-364da2661108	N/A
https://wordpress.org/news/2015/05/wordpress-4-2-2/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://wpvulndb.com/vulnerabilities/7965	af854a3a-2127-422b-91ae-364da2661108	N/A
https://www.digitalocean.com/community/tutorials/how-to-protect-your-wordpress-site-from-the-genericons-example-html-xss-vulnerability	af854a3a-2127-422b-91ae-364da2661108	Exploit
https://www.netsparker.com/cve-2015-3429-dom-xss-vulnerability-in-twenty-fifteen-wordpress-theme/	af854a3a-2127-422b-91ae-364da2661108	Exploit