Cross-Site Scripting Vulnerabilities in cforms Plugin for WordPress
CVE-2010-3977

Currently unrated

Key Information:

Vendor

Wordpress
Status
Cforms
Vendor
CVE Published:
3 November 2010

What is CVE-2010-3977?

The cforms WordPress plugin version 11.5 is susceptible to multiple cross-site scripting (XSS) vulnerabilities. These flaws exist in the lib_ajax.php file, allowing attackers to inject arbitrary web scripts or HTML through the 'rs' and 'rsargs[]' parameters. Successful exploitation of these vulnerabilities may enable remote attackers to execute scripts in the context of the affected user’s session, leading to compromised user data and potential site alterations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/44587
vdb-entryx_refsource_BID
http://secunia.com/advisories/42006
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/514579/100/0/threaded
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.