Back to list
cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977
Oct 30 2010 03:13PM
Rodrigo Branco (rbranco checkpoint com)
I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability.
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
cforms WordPress Plugin Cross Site Scripting Vulnerability
According to Delicious Days, "cforms is a powerful and feature rich form plugin for WordPress, offering convenient deployment of multiple Ajax
driven contact forms throughout your blog or even on the same page."
This problem was confirmed in the following versions of the cforms WordPress Plugin, other versions
maybe also affected.
CVSS Scoring System
The CVSS score is: 5.5
Base Score: 6.7
Temporal Score: 5.5
We used the following values to calculate the scores:
Base score is: AV:N/AC:L/Au:N/C:C/I:C/A:N
Temporal score is: E:F/RL:OF/RC:C
A data array is created in lib_ajax.php using values from a form field in a POST request. The parameters rs and rsargs are not validated and thus
it is possible to inject code.
POST /wp-content/plugins/cforms/lib_ajax.php HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:
22.214.171.124) Gecko/20100914 Firefox/3.6.10
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
c o m m e n t _ a u t h o r _ 9 3 f 4 1 b a 0 b 1 6 f 3 4 6 7 6 f 8 0 2 0 5 8 e 8 2 3 8 8 f 6 = t e s t ;
$<script>alert(1)</script>$#$rbranco_nospam (at) checkpoint (dot) com [email concealed]$#$http://
This vulnerability has been brought to our attention by Wagner Elias from Conviso IT Security company (http://www.conviso.com.br) and researched internally by Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team (VDT).
Rodrigo Rubira Branco
Senior Security Researcher
Vulnerability Discovery Team (VDT)
Check Point Software Technologies
[ reply ]
0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977)
Feb 17 2012 04:41AM
Kousuke Ebihara (kousuke co3k org)
Copyright 2010, SecurityFocus