Summary
This host has the WordPress Contact Form 7 Integrations plugin installed and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to version 1.3.11 or later.
For updates, refer to https://wordpress.org/plugins/contact-form-7-integrations
Insight
The flaws exist because the includes/toAdmin.php script does not validate input passed via the 'uE' and 'uC' parameters.
Affected
WordPress Contact Form 7 Integrations versions 1.0 to 1.3.10
Detection
Send crafted data via an HTTP GET request and check whether it is able to read the cookie or not.
Severity
Classification
- CVE: CVE-2014-6445
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N