Cross-Site Scripting Vulnerability in WP Symposium Plugin by WordPress
CVE-2011-3841

Currently unrated

Key Information:

Vendor: WordPress
CVE Published: 27 December 2011

Summary

The WP Symposium plugin for WordPress is affected by a cross-site scripting vulnerability found in the uploadify/get_profile_avatar.php file. This flaw enables remote attackers to inject arbitrary web scripts or HTML through the 'uid' parameter, potentially allowing unauthorized access and control over user sessions. Users of affected versions prior to 11.12.08 are advised to update promptly to mitigate the risks associated with this vulnerability.
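
A defender can review web server access logs for requests to the affected file whose 'uid' value is not a plain number. The following Python sketch is an added example, not code from the plugin or from this advisory; it assumes 'uid' is normally a numeric user ID and that logs are in the common/combined format, and the log lines and URL prefix in it are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# File and parameter named in the advisory summary.
TARGET = "uploadify/get_profile_avatar.php"
PARAM = "uid"

# Constructed sample log lines (documentation IP ranges, made-up URL prefix).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2011:10:00:00 +0000] '
    '"GET /wp-content/plugins/wp-symposium/uploadify/get_profile_avatar.php?uid=42 HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Dec/2011:10:00:05 +0000] '
    '"GET /wp-content/plugins/wp-symposium/uploadify/get_profile_avatar.php?uid=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    '198.51.100.9 - - [10/Dec/2011:10:00:09 +0000] '
    '"GET /index.php?uid=%3Cb%3E HTTP/1.1" 200 100',
]

# Request line inside a common/combined log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_uid_requests(lines):
    """Return (client_ip, decoded_uid) for requests to TARGET whose
    uid query value is anything other than ASCII digits."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(TARGET):
            continue
        # parse_qs percent-decodes values, so encoded markup is visible.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
        for uid in values:
            if not re.fullmatch(r"[0-9]+", uid):
                hits.append((line.split()[0], uid))
    return hits


if __name__ == "__main__":
    for ip, uid in suspicious_uid_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric uid: {uid!r}")
```

Only query-string values appear in access logs, so a 'uid' sent in a POST body would need request-body logging or a WAF rule to catch.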

Timeline

  • Vulnerability published

  • Vulnerability Reserved
