CVE-2010-3977
cforms 11.5 - Cross-Site Scripting via rs and rsargs[] Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-3977. PoCs published by Wagner Elias.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in the cformsII WordPress plugin by injecting malicious script tags into POST parameters. The vulnerability arises due to insufficient input sanitization in the `lib_ajax.php` endpoint.
Description
Multiple cross-site scripting (XSS) vulnerabilities in wp-content/plugins/cforms/lib_ajax.php in cforms WordPress plugin 11.5 allow remote attackers to inject arbitrary web script or HTML via the (1) rs and (2) rsargs[] parameters.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in the cformsII WordPress plugin by injecting malicious script tags into POST parameters. The vulnerability arises due to insufficient input sanitization in the `lib_ajax.php` endpoint.