Date: Tue, 12 Jan 2016 21:02:42 +0530
From: Rahul Pratap Singh <techno.rps@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: WP Symposium Pro Social Network Plugin 16.1 XSS Vulnerability

##FULL DISCLOSURE

#Product : WP Symposium Pro Social Network plugin
#Home page Link : https://wordpress.org/plugins/wp-symposium-pro
#Version : 16.1
#Date : 12/Jan/2016

XSS Vulnerability:

Description:
“user_id” parameter is not sanitized, that leads to reflected xss.

POC:
https://0x62626262.files.wordpress.com/2016/01/wpsymposiumpro16_1xsspoc.png

Fix:
Update to version 16.01.01

Disclosure Timeline:
reported to vendor : 12/1/2016
vendor response : 12/1/2016
vendor acknowledged : 12/1/2016
vendor deployed a patch: 12/1/2016

Pub Ref:
http://www.wpsymposiumpro.com/wp-symposium-pro-16-01-01-security-release/
https://wordpress.org/plugins/wp-symposium-pro/
https://0x62626262.wordpress.com/2016/01/12/wp-symposium-pro-social-network-plugin-xss-vulnerability