Cross-Site Scripting Vulnerabilities in cforms Plugin for WordPress
CVE-2010-3977
Currently unrated
What is CVE-2010-3977?
The cforms WordPress plugin version 11.5 is susceptible to multiple cross-site scripting (XSS) vulnerabilities. These flaws exist in the lib_ajax.php file, allowing attackers to inject arbitrary web scripts or HTML through the 'rs' and 'rsargs[]' parameters. Successful exploitation of these vulnerabilities may enable remote attackers to execute scripts in the context of the affected user’s session, leading to compromised user data and potential site alterations.