Posted by Kenan Gms on Oct 05

u-desing is a wordpress theme prone to DOM XSS vulnerability.

Vendor url:
http://themeforest.net/item/udesign-responsive-wordpress-theme/253220

versions between 2.7.9 – (Updated: 08.05.2015) and 2.3.0 – (Updated:
04.02.2014 – there are 40 of them) are vulnerable to DOM XSS which can be
exploited by adding #<svg onload=alert(1)> to the end of the url.

Vendor already patched the vulnerability on higher versions, but there are
still a…