Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zingiri | Zingiri Web Shop | 2.4.0 |
| Wordpress | Wordpress | - |
Related Weaknesses (CWE)
References
- http://plugins.trac.wordpress.org/changeset?reponame=&old=537613%40zingiri-web-sExploitPatch
- http://secunia.com/advisories/48991Vendor Advisory
- http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/
- http://www.exploit-db.com/exploits/18787Exploit
- http://www.osvdb.org/81492
- http://www.osvdb.org/81493
- http://www.securityfocus.com/bid/53278
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75178
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75179
- http://plugins.trac.wordpress.org/changeset?reponame=&old=537613%40zingiri-web-sExploitPatch
- http://secunia.com/advisories/48991Vendor Advisory
- http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/
- http://www.exploit-db.com/exploits/18787Exploit
- http://www.osvdb.org/81492
- http://www.osvdb.org/81493
FAQ
What is CVE-2012-6506?
CVE-2012-6506 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing....
How severe is CVE-2012-6506?
CVE-2012-6506 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6506?
Check the references section above for vendor advisories and patch information. Affected products include: Zingiri Zingiri Web Shop, Wordpress Wordpress.