CVE-2010-3977 – CformsII <=11.5 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2010-3977

Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en wp-content/plugins/cforms/lib_ajax.php en el plugin cforms WordPress v11.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los parámetros (1) rs y (2) rsargs[]. Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cformsII(cforms 2) WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters. The cforms WordPress plugin suffers from a cross site scripting vulnerability. Version 11.5 is affected. • https://www.exploit-db.com/exploits/34946 http://secunia.com/advisories/42006 http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977 http://www.securityfocus.com/archive/1/514579/100/0/threaded http://www.securityfocus.com/bid/44587 https://exchange.xforce.ibmcloud.com/vulnerabilities/62938 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •