Following a Sucuri announcement regarding JetPack and TwentyFifteen vulnerability to DOM-based XSS, I’ve come up with a quick way to scan all websites on our servers and check if they are vulnerable.
So I thought this may come in handy to other system administrators as well:
find /home/*/public_html -type f -name "example.html" | grep "genericons"
… which will return a list of locations containing the offending file. It isn’t the most elegant solution, but it does the job. Of course, you may need to adjust it to your environment (e.g. /home2, /home3 etc..).
The list of files will look something like this:
/home/userone/public_html/wp-content/themes/twentyfifteen/genericons/example.html /home/usertwo/public_html/wp-content/plugins/jetpack/_inc/genericons/example.html
File example.html from genericons directory can safely be removed. But, since deleting files from customers accounts is considered to be a bad practice, you may want to contact and ask them to do it themselves instead.
That way you’ll show that you’re being proactive with security – which is always a good thing in today’s competitive market.