Summary
This host is installed with WordPress dsIDXpress IDX Plugin and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Impact Level: Application
Solution
Upgrade to WordPress dsIDXpress IDX Plugin version 2.1.1 or later. For updates refer http://wordpress.org/plugins/dsidxpress/
Insight
Input passed via the 'action' GET parameter to client-assist.php script is not properly sanitised before returning to the user.
Affected
WordPress dsIDXpress IDX Plugin version 2.1.0 and prior.
Detection
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
References
Severity
Classification
-
CVE CVE-2014-4521 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache ActiveMQ Multiple Vulnerabilities
- Apache Archiva Cross Site Request Forgery Vulnerability
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- Apache Tomcat Information Disclosure Vulnerability