CVE-2012-6506
Zingiri Web Shop 2.4.0 - Cross-Site Scripting via Page or Notes Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-6506. PoCs published by Mehmet Ince.
AI-analyzed exploit summary The exploit details multiple XSS vulnerabilities in the Wordpress Zingiri Web Shop Plugin <= 2.4.0, including a basic XSS via the 'page' parameter and a stored XSS via the 'notes' POST variable. The writeup provides step-by-step instructions for exploitation but does not include executable code.
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.
Exploits (1)
The exploit details multiple XSS vulnerabilities in the Wordpress Zingiri Web Shop Plugin <= 2.4.0, including a basic XSS via the 'page' parameter and a stored XSS via the 'notes' POST variable. The writeup provides step-by-step instructions for exploitation but does not include executable code.