Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2014-8809
Last Modified: 29 Dec 2014 06:14:25
Published: 24 Dec 2014 01:59:03
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-8809

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text parameter in a sendMail action to ajax/mail_functions.php, (3) comment parameter in an add_comment action to ajax/lounge_functions.php, or (4) name parameter in a create_album action to ajax/gallery_functions.php.

Vulnerable Systems

Application

  • Wpsymposium Wp Symposium 14.10


References

CONFIRM - http://www.wpsymposium.com/release-information-for-v14-11/

MISC - http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html


Last Updated: 27 May 2016 11:07:22