{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-10-05T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-02T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/133867/WordPress-U-Design-Theme-2.7.9-Cross-Site-Scripting.html"}, {"name": "20151005 u-design wordpress theme DOM XSS", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2015/Oct/25"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://themeforest.net/item/udesign-responsive-wordpress-theme/253220"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/8177"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7357", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/133867/WordPress-U-Design-Theme-2.7.9-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/133867/WordPress-U-Design-Theme-2.7.9-Cross-Site-Scripting.html"}, {"name": "20151005 u-design wordpress theme DOM XSS", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2015/Oct/25"}, {"name": "http://themeforest.net/item/udesign-responsive-wordpress-theme/253220", "refsource": "CONFIRM", "url": "http://themeforest.net/item/udesign-responsive-wordpress-theme/253220"}, {"name": "https://wpvulndb.com/vulnerabilities/8177", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/8177"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:43:46.111Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/133867/WordPress-U-Design-Theme-2.7.9-Cross-Site-Scripting.html"}, {"name": "20151005 u-design wordpress theme DOM XSS", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2015/Oct/25"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://themeforest.net/item/udesign-responsive-wordpress-theme/253220"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/8177"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-7357", "datePublished": "2017-10-02T19:00:00", "dateReserved": "2015-09-24T00:00:00", "dateUpdated": "2024-08-06T07:43:46.111Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:udesign_project:udesign:2.3.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FC577F03-9888-4EE4-99F4-4CBF7BB91767", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.3.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9920323E-F800-49EF-9480-95BF8F9BF5D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "737044BD-92FC-48FB-8E92-6D5061DA6A69", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9B29D06F-44AB-4D67-8103-1FF8798CCE45", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FD991DF4-8785-4406-82DC-BC9F79D30AEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "432DAB5D-29D1-49A8-8570-62249912C716", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4A95C8EC-3D2B-46C0-88DC-167A7248A154", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "660D63B8-94BA-4215-BAD1-2284FA69F133", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "966B4C93-B6AB-48B5-923E-C1730CF81E29", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "15B1D858-DC4C-4111-BA4E-12D3B154AF85", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0514A546-CE9A-4593-9871-950C60ABE239", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BA236B25-7888-4532-986E-5789047FC312", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.10:*:*:*:*:wordpress:*:*", "matchCriteriaId": "EAE8398D-C29F-4468-A443-0B8F3E724AE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.11:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7DF9E502-68DD-44EC-B521-F9CE365616D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.12:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4845BE36-913A-4219-84A9-DF24C426130E", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.13:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2CFA37DE-BE16-4755-B0BA-C50060319BFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.14:*:*:*:*:wordpress:*:*", "matchCriteriaId": "27CC25D7-04D3-47C2-839C-FC784DCF1076", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.15:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8A8EC4A3-075E-4204-AF1E-207442F2572B", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.16:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D51ECB72-2928-4AD4-9319-5AFE903C6341", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.17:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8A0B0B75-D333-4322-9E33-D6BA2D1096F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.18:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E92BF32B-09AD-4AB0-A305-68679FAE696C", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.4.19:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3E6146C9-243C-490A-A01C-04E216F3A84A", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.5.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FFACA1B4-716B-4CF7-9172-73329C40E0A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.5.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "127AD8A2-0881-462D-9643-2C55B766150E", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.5.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F28D7C9B-10CA-41FA-A328-F3635A4A4E33", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.5.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4A52646F-B801-4C77-8E69-27676F108843", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.5.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D5B1B96F-708C-45D6-BB65-B1F21822F647", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.5.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "35BDBD76-6A3A-4DD2-B324-1802E30E05FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.5.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8E543899-13CF-4310-8226-EFCDA36249CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.6.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "148D5125-790B-4C60-BD3F-7E1BDAC83A02", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "AF819104-7848-4874-B401-6A1D27DFC8C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "EED32893-CE91-418D-9AF7-08F443FF34DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "1C133D02-A804-4EAC-9380-A5F436D0026A", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7F302EFC-421E-4074-8DA7-5E5368D356B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F8B0A587-D6B2-4278-A0EE-1A4C5396FDCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A931B0A8-1176-4C97-9A4C-6B5DF0BD21AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6AC8CE83-3FF0-4F55-A6FC-17BDDD2D24C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "14B1E7FE-361B-45A1-A4B6-C69A9C127010", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5EBB5CD1-8813-479D-9F75-68AFFB444DFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:udesign_project:udesign:2.7.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FE15436B-24B7-4025-B725-8222813FD937", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>."}, {"lang": "es", "value": "Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el tema uDesign (o U-Design) 2.3.0 en versiones anteriores a la 2.7.10 para WordPress que permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante un identificador de fragmento, tal y como se demuestra con #."}], "id": "CVE-2015-7357", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-03T01:29:00.687", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/133867/WordPress-U-Design-Theme-2.7.9-Cross-Site-Scripting.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2015/Oct/25"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://themeforest.net/item/udesign-responsive-wordpress-theme/253220"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://wpvulndb.com/vulnerabilities/8177"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/133867/WordPress-U-Design-Theme-2.7.9-Cross-Site-Scripting.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2015/Oct/25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://themeforest.net/item/udesign-responsive-wordpress-theme/253220"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://wpvulndb.com/vulnerabilities/8177"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}