Check Point Advisories

Preemptive Protection against WordPress cforms Plugin Cross-Site Scripting (XSS) Vulnerability

Check Point Reference: CPAI-2010-315
Date Published: 14 Nov 2010
Severity: High
Last Updated: Friday 01 January, 2010
Source: IPS Research Center
Industry Reference: CVE-2010-3977
Protection Provided by:
Who is Vulnerable? WordPress cforms users
Vulnerability Description: A cross-site scripting (XSS) vulnerability has been reported in the cforms plugin for WordPress. cforms is a highly customizable, flexible and powerful form builder plugin, covering a variety of use cases and features from attachments to multi-form management. A remote attacker may exploit this vulnerability to run malicious scripts on an affected system.
Vulnerability Details: The vulnerability is due to an input validation error in lib_ajax.php, which fails to adequately sanitize POST requests. A remote attacker can exploit this issue to execute a cross-site scripting attack via a maliciously crafted POST request. Successful exploitation of this vulnerability could allow the attacker to inject JavaScript code into the web pages viewed by other users.
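
As an illustration of a check for the request described above, here is an added example (not Check Point's protection and not cforms code) that flags POST requests to lib_ajax.php whose form fields carry HTML or script markup. The request path, field names and sample bodies are constructed assumptions, and the pattern is illustrative rather than exhaustive.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# File named in the advisory. The plugin's install path varies, so only the
# file name is matched.
TARGET_FILE = "lib_ajax.php"

# Markup that has no place in a plain form field value (illustrative only).
MARKUP = re.compile(
    r"<\s*/?\s*[a-z!][^>]*>"   # an HTML tag such as <script> or </div>
    r"|\bon[a-z]+\s*="         # an inline event handler attribute
    r"|javascript\s*:",        # a javascript: URL scheme
    re.IGNORECASE,
)

def decode_fully(value, max_rounds=3):
    """Undo repeated URL-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_fields(method, url, body):
    """Return names of POST fields sent to lib_ajax.php that contain markup."""
    if method.upper() != "POST":
        return []
    if not urlsplit(url).path.lower().endswith("/" + TARGET_FILE):
        return []
    hits = []
    # parse_qsl decodes once; decode_fully handles any further encoding layers.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if MARKUP.search(decode_fully(value)):
            hits.append(name)
    return hits

# Constructed sample requests (path and field names are assumptions).
PATH = "/wp-content/plugins/cforms/lib_ajax.php"
SAMPLES = [
    ("POST", PATH, "name=Alice&comment=Hello+there"),
    ("POST", PATH, "name=Alice&comment=3+%3C+5+and+6+%3E+4"),
    ("POST", PATH, "name=Alice&comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    ("POST", PATH, "name=Alice&comment=%253Cscript%253Ealert(1)%253C%252Fscript%253E"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(body, "->", suspicious_fields(method, url, body))
```

A check like this belongs in front of the plugin as a compensating control; the root cause is still fixed by sanitizing and escaping the input in lib_ajax.php itself.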

Protection Overview
