Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6506

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-6506
Last Modified 24 Jul 2014 12:46:41
Published 23 Jan 2013 08:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6506

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.

Vulnerable Systems

Application

  • Zingiri Web Shop 2.4.0


References

XF - zingiriwebshop-onecheckout-xss(75179)

XF - zingiriwebshop-zinginc-xss(75178)

BID - 53278

OSVDB - 81493

OSVDB - 81492

EXPLOIT-DB - 18787

CONFIRM - http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/

SECUNIA - 48991

CONFIRM - http://plugins.trac.wordpress.org/changeset?reponame=&old=537613%40zingiri-web-shop&new=537613%40zingiri-web-shop


Last Updated: 27 May 2016 10:53:46