2 matches found
CVE-2014-8809
Multiple cross-site scripting XSS vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 text parameter in an addComment action to ajax/profilefunctions.php, 2 composetext parameter in a sendMail action to...
CVE-2014-8809
WP Symposium plugin for WordPress (pre-14.11) contains multiple XSS vulnerabilities. Attack vectors include: (1) text parameter in addComment via ajax/profile_functions.php, (2) compose_text in sendMail via ajax/mail_functions.php, (3) comment in add_comment via ajax/lounge_functions.php, and (4)...