Lucene search

K
patchstackWagner EliasPATCHSTACK:2F20A9DDD8D69C221F2C2CA471007FAC
HistoryNov 01, 2010 - 12:00 a.m.

WordPress CformsII Plugin 11.5 / 13.1 - Multiple Cross-Site Scripting Vulnerabilities

2010-11-0100:00:00
Wagner Elias
patchstack.com
6

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CformsII plugin is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal cookie-based authentication credentials. Other attacks are also possible.

Solution

           Update the plugin. 
CPENameOperatorVersion
cformsiieq11.5

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N