Cross-Site Scripting Vulnerabilities in cforms Plugin for WordPress
CVE-2010-3977
Currently unrated
Summary
The cforms WordPress plugin version 11.5 is susceptible to multiple cross-site scripting (XSS) vulnerabilities. These flaws exist in the lib_ajax.php file, allowing attackers to inject arbitrary web scripts or HTML through the 'rs' and 'rsargs[]' parameters. Successful exploitation of these vulnerabilities may enable remote attackers to execute scripts in the context of the affected user’s session, leading to compromised user data and potential site alterations.
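For triage on a site that ran the affected version, the following added example (not code from cforms or from this advisory) scans web-server access-log lines for requests to lib_ajax.php whose 'rs' or 'rsargs[]' values decode to HTML markup. It assumes combined-format logs; the directory path, addresses and parameter values in the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "lib_ajax.php"            # file named in the advisory
WATCHED_PARAMS = {"rs", "rsargs[]"}  # parameters named in the advisory
# Characters/schemes that let a reflected value break into HTML or script context.
MARKUP = re.compile(r"[<>\"'`]|javascript:", re.IGNORECASE)
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return [(param, decoded_value)] for watched params that carry markup."""
    parts = urlsplit(target)
    if not parts.path.endswith("/" + ENDPOINT):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        decoded = unquote(value)
        if name in WATCHED_PARAMS and MARKUP.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return [(line_index, param, decoded_value)] for every flagged request."""
    findings = []
    for index, line in enumerate(lines):
        match = REQUEST.search(line)
        if match:
            for name, decoded in suspicious_params(match.group(1)):
                findings.append((index, name, decoded))
    return findings

# Constructed log lines: addresses, timestamps, directory and values are made up.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2011:10:00:00 +0000] "GET /path/to/lib_ajax.php?rs=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2011:10:00:05 +0000] "GET /path/to/lib_ajax.php?rs=example_fn&rsargs%5B%5D=3 HTTP/1.1" 200 64',
    '203.0.113.7 - - [01/Jan/2011:10:00:09 +0000] "GET /path/to/lib_ajax.php?rs=example_fn&rsargs%5B%5D=%253Cb%253E HTTP/1.1" 200 70',
    '198.51.100.2 - - [01/Jan/2011:10:00:12 +0000] "GET /index.php?rs=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for index, name, decoded in scan(SAMPLE_LOG):
        print(f"line {index}: {name} = {decoded!r}")
```

Access logs record only the query string, so values sent in a POST body are not visible to this check.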