CVE-2012-6506

Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
zingirizingiri_web_shop
2.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://plugins.trac.wordpress.org/changeset?reponame=&old=537613%40zingiri-web-shop&new=537613%40zingiri-web-shop
http://secunia.com/advisories/48991
http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/
http://www.exploit-db.com/exploits/18787
http://www.osvdb.org/81492
http://www.osvdb.org/81493
http://www.securityfocus.com/bid/53278
https://exchange.xforce.ibmcloud.com/vulnerabilities/75178
https://exchange.xforce.ibmcloud.com/vulnerabilities/75179
http://plugins.trac.wordpress.org/changeset?reponame=&old=537613%40zingiri-web-shop&new=537613%40zingiri-web-shop
http://secunia.com/advisories/48991
http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/
http://www.exploit-db.com/exploits/18787
http://www.osvdb.org/81492
http://www.osvdb.org/81493
http://www.securityfocus.com/bid/53278
https://exchange.xforce.ibmcloud.com/vulnerabilities/75178
https://exchange.xforce.ibmcloud.com/vulnerabilities/75179