CVE-2010-3977
CVE-2010-3977 affects the WordPress plugin cforms (version 11.5) via the file wp-content/plugins/cforms/lib_ajax.php . The root cause is improper validation/sanitation of user-supplied input in the rs and rsargs[] parameters, enabling remote attackers to inject arbitrary HTML/JavaScript (XSS) int...