Summary
This host is installed with Wordpress Bonuspressx Plugin and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
No Solution or patch is available as of 16th May, 2014. Information regarding this issue will updated once the solution details are available.
For updates refer to http://wordpress.org/plugins
Insight
Input passed via HTTP GET parameter 'n' to /inc/ar_submit.php script is not properly sanitised before returning to the user.
Affected
WordPress Bonuspressx Plugin.
Detection
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
References
Updated on 2017-03-28
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
- Apache Web Server ETag Header Information Disclosure Weakness
- AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
- Advanced Image Hosting Cross Site Scripting Vulnerability
- Apache Roller 'q' Parameter Cross Site Scripting Vulnerability