Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Preemptive Protection against WordPress cforms Plugin Cross-Site Scripting (XSS) Vulnerability

Subscribe

Check Point Reference: CPAI-2010-315
Date Published:
Preemptive Since:
Severity:
Source: IPS Research Center
Industry Reference(s): CVE-2010-3977
Protection Provided by: Security Gateway
  • R71
  • R70
VPN-1
  • NGX R65
VSX
  • NGX R65
Who is Vulnerable?
WordPress cforms users
Vulnerability Description
A cross-site scripting (XSS) vulnerability has been reported in the cforms plugin for WordPress. cforms is a highly customizable, flexible and powerful form builder plugin, covering a variety of use cases and features from attachments to multi-form management. A remote attacker may exploit this vulnerability to run malicious scripts on an affected system.
Vulnerability Details
The vulnerability is due to an input validation error in lib_ajax.php that fails to adequately sanitized POST requests. A remote attacker can exploit this issue to execute a cross-site scripting attack via a maliciously crafted POST request. Successful exploitation of this vulnerability could allow the attacker to inject JavaScript code into the web pages viewed by other users.

Protection Overview
This protection will detect and block Cross-Site Scripting attacks. No update is required to address this vulnerability.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway: R70/R71

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > Web Intelligence > Application Layer.
2. In the right pane, double-click the Cross-Site Scripting protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings
4. The protection can be applied either to all HTTP traffic or to selected web servers.

- If you choose to apply the protection to all HTTP traffic, change the security level to Low.

- If you choose to apply the protection to selected web servers:
I. Next to "Apply to selected web servers" click Customize.
II. Choose the relevant web server and click Configure Default.
III. Change the Security Level to Low and click OK. 

5. Install policy on all modules. 

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in request

VPN-1 NGX R65 & VSX NGX R65

How Can I Protect My Network?
1. In the SmartDefense tab, click Web Intelligence > Application Layer > Cross Site Scripting.
2. In the configuration pane, under Settings > Mode, check Active.
3. The protection can be applied either to all HTTP traffic or to selected web servers. 
4. Change the security level to Low. If you choose to apply the protection to selected web servers:
I. Next to "Apply to selected web servers" click Customize.
II. Choose the relevant web server and click Edit.
III. Next to "Cross Site Scripting" click Advanced
IV. Change the Security Level to Low and click OK.
5. Install policy on all modules. 

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Cross Site Scripting
Attack Information: Cross site scripting detected in request