JVNDB-2015-000044

[Japanese]
JVNDB-2015-000044
WordPress theme flashy vulnerable to cross-site scripting
Overview
flashy is a theme for WordPress. flashy contains a cross-site scripting vulnerability. Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

flashy flashy version 1.3 and earlier

Impact
An arbitrary script may be executed on the user's web browser.
Solution
[Do not use flashy] flashy is no longer being developed or maintained. It is recommended to stop using flashy.
Vendor Information
flashy flashy : WordPress Themes - flashy
CWE (What is CWE?)
Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)
CVE-2015-0901
References
JVN : JVN#97281747 National Vulnerability Database (NVD) : CVE-2015-0901
Revision History
[2015/03/26] Web page was published [2015/04/07] References : Content was added

WordPress theme flashy vulnerable to cross-site scripting