CVE-2013-2694 – WP Symposium <= 13.04 - Open Redirection
https://notcve.org/view.php?id=CVE-2013-2694
Open redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the u parameter.
• http://osvdb.org/92274 http://secunia.com/advisories/52925 http://www.securityfocus.com/bid/59045
• CWE-20: Improper Input Validation
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2011-3841 – WP Symposium <= 11.11.26 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3841
Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avatar.php in the WP Symposium plugin before 11.12.08 for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter.
• http://secunia.com/advisories/47243 http://secunia.com/secunia_research/2011-82 http://www.securityfocus.com/bid/51017 http://www.wpsymposium.com/2011/12/v11-12-08 https://exchange.xforce.ibmcloud.com/vulnerabilities/71748
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')