MidnightBSD

Advisories for udesign_project

CVE-2015-7357 MEDIUM

Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
udesign_project udesign 2.4.14
udesign_project udesign 2.6.0
udesign_project udesign 2.7.6
udesign_project udesign 2.4.11
udesign_project udesign 2.7.1
udesign_project udesign 2.4.0
udesign_project udesign 2.4.6
udesign_project udesign 2.5.5
udesign_project udesign 2.4.16
udesign_project udesign 2.4.17
udesign_project udesign 2.4.5
udesign_project udesign 2.4.7
udesign_project udesign 2.4.18
udesign_project udesign 2.5.3
udesign_project udesign 2.7.7
udesign_project udesign 2.7.2
udesign_project udesign 2.3.0
udesign_project udesign 2.4.19
udesign_project udesign 2.5.1
udesign_project udesign 2.4.4
udesign_project udesign 2.4.9
udesign_project udesign 2.7.9
udesign_project udesign 2.4.8
udesign_project udesign 2.7.5
udesign_project udesign 2.7.3
udesign_project udesign 2.4.13
udesign_project udesign 2.4.15
udesign_project udesign 2.5.0
udesign_project udesign 2.3.1
udesign_project udesign 2.4.2
udesign_project udesign 2.4.10
udesign_project udesign 2.4.1
udesign_project udesign 2.4.12
udesign_project udesign 2.5.6
udesign_project udesign 2.7.4
udesign_project udesign 2.7.8
udesign_project udesign 2.7.0
udesign_project udesign 2.4.3
udesign_project udesign 2.5.4
udesign_project udesign 2.5.2