Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Deliciousdays | Cforms | 11.5 |
| Wordpress | Wordpress | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/42006 (Vendor Advisory)
- http://www.conviso.com.br/security-advisory-cform-wordpress-plugin-v-11-cve-2010 (Vendor Advisory)
- http://www.securityfocus.com/archive/1/514579/100/0/threaded
- http://www.securityfocus.com/bid/44587 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62938
FAQ
What is CVE-2010-3977?
CVE-2010-3977 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ...
How severe is CVE-2010-3977?
CVE-2010-3977 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-3977?
Check the references section above for vendor advisories and patch information. Affected products include: Deliciousdays Cforms, Wordpress Wordpress.