ThreatPress

WordPress Vulnerabilities Database

WordPress Symposium Plugin <= 14.10 - Multiple XSS

Product
Symposium
Description
These vulnerabilities allow attackers to inject arbitrary web script or HTML via four parameters: "compose_text" (in a sendMail action to ajax/mail_functions.php), "text" (in an addComment action to ajax/profile_functions.php), "comment" (in an add_comment action to ajax/lounge_functions.php), or "name" (in a create_album action to ajax/gallery_functions.php).
Solution
Update the plugin to version 14.11, which fixes these issues.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name: CVE-2014-8809
Versions
Affected In: <= 14.10
Fixed In: 14.11
Disclosure date
2014-11-13