Test ID:	1.3.6.1.4.1.25623.1.0.801628
Category:	Web application abuses
Title:	WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities
Summary:	cformsII WordPress Plugin is prone to multiple HTML injection vulnerabilities.
Description:	Summary: cformsII WordPress Plugin is prone to multiple HTML injection vulnerabilities. Vulnerability Insight: The flaws are caused by improper validation of user-supplied input passed via the 'rs' and 'rsargs' parameters to wp-content/plugins/cforms/lib_ajax.php, which allows attackers to execute arbitrary HTML and script code on the web server. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary code in the context of the application. Affected Software/OS: WordPress plugin cforms Version 11.5 and earlier. Solution: Update to cforms Version 11.6.1 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3977 BugTraq ID: 44587 http://www.securityfocus.com/bid/44587 Bugtraq: 20101030 cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977 (Google Search) http://www.securityfocus.com/archive/1/514579/100/0/threaded http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/ http://secunia.com/advisories/42006 XForce ISS Database: cforms-libajax-xss(62938) https://exchange.xforce.ibmcloud.com/vulnerabilities/62938
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.