Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avatar.php in the WP Symposium plugin before 11.12.08 for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress WP Symposium 插件跨站脚本漏洞
Vulnerability Description
WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress的WP Symposium插件中存在漏洞,恶意人员可利用该漏洞执行跨站脚本攻击。该漏洞源于通过"uid"参数到wp-content/plugins/wp-symposium/uploadify/get_profile_avatar.php的输入在返回给用户前未经正确过滤。攻击者可利用该漏洞在受影响站点上下文的用户浏览器会话上执行任意HTML和脚本
CVSS Information
N/A
Vulnerability Type
N/A