Cross site scripting

Cross-site scripting XSS vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter...

CVE-2013-2695

CVE-2013-2695 concerns the WordPress WP Symposium plugin prior to 13.04, with a cross-site scripting (XSS) flaw in invite.php. The vulnerability allows remote attackers to inject arbitrary script/HTML through the u parameter. Affected component: invite.php in the WP Symposium plugin. Root cause: ...

WordPress Symposium Plugin <= 13.03 - XSS

Because of this vulnerability in invite.php in, the attackers can inject arbitrary web script or HTML via the "u" parameter. Solution Update the plugin...

WordPress Symposium Plugin <= 13.03 - Open Redirection

Because of this vulnerability in invite.php, the attackers can redirect users to arbitrary web sites and conduct phishing attacks via a URL in the "u" parameter. Solution Update the plugin...

CVE-2005-2545

Multiple cross-site scripting XSS vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 title or 2 content parameter to profile.php and profilemisc.php, 3 the profile fields in userpage.php, 4 subject or 5 body in mail.php, or 8...