WordPress dsIDXpress IDX Plugin Cross Site Scripting Vulnerability

Summary
This host is running the WordPress dsIDXpress IDX Plugin and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow a remote attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Impact Level: Application
Solution
Upgrade to WordPress dsIDXpress IDX Plugin version 2.1.1 or later. For updates, refer to http://wordpress.org/plugins/dsidxpress/
Insight
Input passed via the 'action' GET parameter to the client-assist.php script is not properly sanitised before being returned to the user.
Affected
WordPress dsIDXpress IDX Plugin version 2.1.0 and prior.
Detection
Send crafted data via an HTTP GET request and check whether it is able to read the cookie.
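
Added example (not part of the original advisory or the plugin's code): a defender-side check that scans web server access log lines for requests to client-assist.php whose 'action' parameter decodes to HTML markup characters, including double-encoded values. The log lines, the /path/to/plugin/ prefix and the ExampleAction value are constructed placeholders, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to break out of an HTML or attribute context; a plain
# action name has no reason to contain them.
MARKUP_RE = re.compile(r'[<>"\'`]')

# Constructed sample log lines; the plugin path is a placeholder.
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Jan/2014:10:00:00 +0000] '
    '"GET /path/to/plugin/client-assist.php?action=ExampleAction HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2014:10:00:05 +0000] '
    '"GET /path/to/plugin/client-assist.php?action=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 98',
    '203.0.113.7 - - [01/Jan/2014:10:00:09 +0000] '
    '"GET /path/to/plugin/client-assist.php?action=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 77',
    '198.51.100.9 - - [01/Jan/2014:10:00:12 +0000] '
    '"GET /index.php?action=%3Cb%3E HTTP/1.1" 200 2048',
]

def suspicious_action(log_line):
    """Return the decoded 'action' value if the line is a request to
    client-assist.php whose action parameter carries markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/client-assist.php"):
        return None
    for value in parse_qs(url.query, keep_blank_values=True).get("action", []):
        # parse_qs percent-decodes once; decode again so that a
        # double-encoded value (%253C -> %3C -> <) is also caught.
        decoded = unquote(value)
        if MARKUP_RE.search(decoded):
            return decoded
    return None

def find_hits(lines):
    """Return (line_index, decoded_action) for every flagged line."""
    hits = []
    for index, line in enumerate(lines):
        value = suspicious_action(line)
        if value is not None:
            hits.append((index, value))
    return hits

if __name__ == "__main__":
    for index, value in find_hits(SAMPLE_LOG):
        print(f"line {index}: action={value!r}")
```

A hit shows that markup was sent to the script, not that it was reflected; confirm the installed plugin version against the fixed release named under Solution.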