Summary
This host is running cformsII WordPress Plugin and is prone to multiple HTML injection vulnerabilities.
Impact
Successful exploitation will allow attacker to execute arbitrary code in the context of the application.
Impact Level: Application
Solution
Upgrade to cforms Version 11.6.1 or later.
For updates refer to http://www.deliciousdays.com/cforms-plugin/
Insight
The flaws are caused by improper validation of user-supplied input passed via the 'rs' and 'rsargs' parameters to wp-content/plugins/cforms/lib_ajax.php, which allows attackers to execute arbitrary HTML and script code on the web server.
Affected
WordPress plugin cforms Version 11.5 and earlier.
References
Severity
Classification
-
CVE CVE-2010-3977 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
- An Image Gallery Directory Traversal Vulnerability
- AbanteCart Multiple Cross-Site Scripting Vulnerabilities
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability