Wordpress : DOM-XSS in genericons package
Description
The genericons package is vulnerable to a DOM-based XSS. This package is present in the Jetpack plugin (over 1 million active installs) and the TwentyFifteen theme (installed by default).
Default configuration
Profiles      High    Medium   Low      Internet
Action        Pass    Pass     Pass     Pass
Alarm Level   Minor   Ignore   Ignore   Ignore
References
URL: https://www.netsparker.com/cve-2015-3429-dom-xss-vulnerability-in-twenty-fifteen-wordpress-theme/
URL: https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss.html
Available since
ASQ v5.0.0
Protects
Wordpress Multiple Vulnerabilities Fixed by 4.2.2
WordPress Cross-Site Scripting and Scripting Insertion Two Vulnerabilities
100 last CVE
CVE-2015-3440
CVE-2015-3429
Risk level
Moderate