CVE-2012-6506

Zingiri Web Shop - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Mehmet Ince · textwebappsphp

https://www.exploit-db.com/exploits/18787

View Code ZIP pw:eip

References (9)

[Exploit, Patch] http://plugins.trac.wordpress.org/changeset?reponame=&old=537613%40zingiri-web-shop&new=537613%40zingiri-web-shop

[Vendor Advisory] http://secunia.com/advisories/48991

[Product] http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/

[Exploit] http://www.exploit-db.com/exploits/18787

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75178

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75179

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/53278

[Third Party Advisory, VDB Entry] http://www.osvdb.org/81492

[Third Party Advisory, VDB Entry] http://www.osvdb.org/81493

Scores

EPSS 0.0474

EPSS Percentile 89.3%

Details

CWE

CWE-79

Status published

Products (2)

zingiri/zingiri_web_shop

n/a/n/a

Published Jan 24, 2013

Tracked Since Feb 18, 2026