Summary
This host is installed with WordPress dsIDXpress IDX Plugin and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Impact Level: Application
Solution
Upgrade to WordPress dsIDXpress IDX Plugin version 2.1.1 or later. For updates refer http://wordpress.org/plugins/dsidxpress/
Insight
Input passed via the 'action' GET parameter to client-assist.php script is not properly sanitised before returning to the user.
Affected
WordPress dsIDXpress IDX Plugin version 2.1.0 and prior.
Detection
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
References
Severity
Classification
-
CVE CVE-2014-4521 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Afian 'includer.php' Directory Traversal Vulnerability
- Apache Struts Cross Site Scripting Vulnerability
- Apache Roller 'q' Parameter Cross Site Scripting Vulnerability