oss-sec mailing list archives
CVE Request: WP Symposium Pro Social Network Plugin 16.1 XSS Vulnerability
From: Rahul Pratap Singh <techno.rps () gmail com>
Date: Tue, 12 Jan 2016 21:02:42 +0530
##FULL DISCLOSURE

#Product : WP Symposium Pro Social Network plugin
#Home page Link : https://wordpress.org/plugins/wp-symposium-pro
#Version : 16.1
#Date : 12/Jan/2016

XSS Vulnerability:

Description:
“user_id” parameter is not sanitized, that leads to reflected xss.

POC:
https://0x62626262.files.wordpress.com/2016/01/wpsymposiumpro16_1xsspoc.png

Fix:
Update to version 16.01.01

Disclosure Timeline:
reported to vendor : 12/1/2016
vendor response : 12/1/2016
vendor acknowledged : 12/1/2016
vendor deployed a patch: 12/1/2016

Pub Ref:
http://www.wpsymposiumpro.com/wp-symposium-pro-16-01-01-security-release/
https://wordpress.org/plugins/wp-symposium-pro/
https://0x62626262.wordpress.com/2016/01/12/wp-symposium-pro-social-network-plugin-xss-vulnerability