ThreatPress

WordPress Vulnerabilities Database

WordPress Symposium Plugin <= 11.12.07 - XSS

Product
Symposium
Description
A cross-site scripting vulnerability in uploadify/get_profile_avatar.php allows attackers to inject arbitrary web script or HTML via the "uid" parameter.
Solution
Update the plugin to version 11.12.08, which fixes this issue.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE Name: CVE-2011-3841
Versions
Affected In: <= 11.12.07
Fixed In: 11.12.08
Disclosure date
2011-09-26
Credits
Secunia Research