Date: Tue, 12 Jan 2016 21:02:42 +0530
From: Rahul Pratap Singh <techno.rps@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: WP Symposium Pro Social Network Plugin 16.1 XSS Vulnerability

##FULL DISCLOSURE

#Product : WP Symposium Pro Social Network plugin
#Home page Link : https://wordpress.org/plugins/wp-symposium-pro
#Version : 16.1
#Date : 12/Jan/2016

XSS Vulnerability:

Description:
“user_id” parameter is not sanitized, that leads to reflected xss.

POC:
https://0x62626262.files.wordpress.com/2016/01/wpsymposiumpro16_1xsspoc.png

Fix:
Update to version 16.01.01

Disclosure Timeline:
reported to vendor : 12/1/2016
vendor response : 12/1/2016
vendor acknowledged : 12/1/2016
vendor deployed a patch: 12/1/2016

Pub Ref:
http://www.wpsymposiumpro.com/wp-symposium-pro-16-01-01-security-release/
https://wordpress.org/plugins/wp-symposium-pro/
https://0x62626262.wordpress.com/2016/01/12/wp-symposium-pro-social-network-plugin-xss-vulnerability