======================================================================

                      Secunia Research 12/12/2011

     - WordPress WP Symposium Plugin "uid" Cross-Site Scripting -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

======================================================================
1) Affected Software

* WordPress WP Symposium Plugin version 11.11.26.

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Less critical
Impact: Cross-Site Scripting
Where:  From remote

======================================================================
3) Vendor's Description of Software

"WP Symposium turns a WordPress website into a Social Network!"

Product Link:
http://wordpress.org/extend/plugins/wp-symposium/

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in the WP Symposium
plugin for WordPress, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Input passed via the "uid" parameter to
wp-content/plugins/wp-symposium/uploadify/get_profile_avatar.php is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's browser
session in context of an affected site.

======================================================================
5) Solution

Update to version 11.12.08.

======================================================================
6) Time Table

07/12/2011 - Vendor notified.
07/12/2011 - Vendor response.
08/12/2011 - Vendor released fixed version.
12/12/2011 - Public disclosure.

======================================================================
7) Credits

Discovered by Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2011-3841 for the vulnerability.

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

https://www.flexera.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

https://www.flexera.com/about-us/secunia-research/advisories/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

https://www.flexera.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

https://www.flexera.com/advisories/mailing_lists/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
https://www.flexera.com/about-us/secunia-research/advisories/sr-2011-82.html

Complete list of vulnerability reports published by Secunia Research:
https://www.flexera.com/about-us/secunia-research/advisories/

======================================================================
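To make the bug class in section 4 concrete, the following PHP is an added illustration and not the plugin's code (the advisory publishes none); the handler names and the avatar lookup helper are assumptions. It contrasts a handler that reflects "uid" into the page unchanged with one that validates it as an integer user id and escapes anything it writes back.

```php
<?php
// Added illustration (not WP Symposium's code): the bug class in
// section 4 is a reflected XSS, where a request parameter is written
// into the HTML response without validation or output encoding.

// Assumed helper standing in for the plugin's avatar lookup.
function lookup_avatar_url($uid): string
{
    return '/wp-content/uploads/avatars/' . $uid . '.png';
}

// Hypothetical vulnerable handler: "uid" is reflected as-is, so any
// markup placed in the parameter lands in the page unchanged.
function get_profile_avatar_vulnerable(array $get): string
{
    $uid = isset($get['uid']) ? $get['uid'] : '';
    return '<img class="avatar" src="' . lookup_avatar_url($uid)
         . '" alt="avatar for user ' . $uid . '" />';
}

// Hardened handler: enforce the parameter's type before use and escape
// every value that is reflected into HTML.
function get_profile_avatar_hardened(array $get): string
{
    // A user id is a positive integer; reject anything else outright.
    // Inside WordPress, absint() serves the same purpose.
    $uid = filter_var(isset($get['uid']) ? $get['uid'] : '',
                      FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    if ($uid === false) {
        http_response_code(400);
        return '';
    }
    // Encode on output as well: the URL may be built from stored user
    // data, and escaping is the fix that holds even if validation
    // is loosened later. WordPress code would use esc_attr() here.
    $url = htmlspecialchars(lookup_avatar_url($uid), ENT_QUOTES, 'UTF-8');
    return '<img class="avatar" src="' . $url
         . '" alt="avatar for user ' . (int) $uid . '" />';
}
```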