Summary
This host is installed with Wordpress Bonuspressx Plugin and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
No Solution or patch is available as of 16th May, 2014. Information regarding this issue will updated once the solution details are available.
For updates refer to http://wordpress.org/plugins
Insight
Input passed via HTTP GET parameter 'n' to /inc/ar_submit.php script is not properly sanitised before returning to the user.
Affected
WordPress Bonuspressx Plugin.
Detection
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
References
Updated on 2017-03-28
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability