Summary
This host is running the cformsII WordPress plugin and is prone to multiple HTML injection vulnerabilities.
Impact
Successful exploitation will allow an attacker to execute arbitrary code in the context of the application.
Impact Level: Application
Solution
Upgrade to cforms Version 11.6.1 or later.
For updates refer to http://www.deliciousdays.com/cforms-plugin/
Insight
The flaws are caused by improper validation of user-supplied input passed via the 'rs' and 'rsargs' parameters to wp-content/plugins/cforms/lib_ajax.php, which allows attackers to execute arbitrary HTML and script code on the web server.
Affected
WordPress plugin cforms Version 11.5 and earlier.
References
Severity
Classification
- CVE: CVE-2010-3977
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N