CVE-2013-2695 – WP Symposium < 13.04 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-2695
Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter.
• http://osvdb.org/92275 http://secunia.com/advisories/52864
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-2694 – WP Symposium <= 13.04 - Open Redirection
https://notcve.org/view.php?id=CVE-2013-2694
Open redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the u parameter.
• http://osvdb.org/92274 http://secunia.com/advisories/52925 http://www.securityfocus.com/bid/59045
• CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2011-5051 – WP Symposium < 11.12.24 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2011-5051
Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot.
• http://osvdb.org/78041 http://osvdb.org/78042 http://secunia.com/advisories/46097 http://secunia.com/secunia_research/2011-91 https://exchange.xforce.ibmcloud.com/vulnerabilities/72012 https://wpsymposium-trac.sourcerepo.com/wpsymposium_trac/ticket/265
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2011-3841 – WP Symposium <= 11.11.26 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3841
Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avatar.php in the WP Symposium plugin before 11.12.08 for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter.
• http://secunia.com/advisories/47243 http://secunia.com/secunia_research/2011-82 http://www.securityfocus.com/bid/51017 http://www.wpsymposium.com/2011/12/v11-12-08 https://exchange.xforce.ibmcloud.com/vulnerabilities/71748
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')