CVSS: 6.1EPSS: 4%CPEs: 2EXPL: 3CVE-2012-6506 – Zingiri Web Shop Plugin <= 2.4.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-6506
26 Apr 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el plugin Zingiri Web Shop versión 2.4.0 para WordPress, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de los parámetros (1) page en el archivo z... • https://www.exploit-db.com/exploits/18787 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 76EXPL: 0CVE-2012-4033 – Zingiri Web Shop < 2.4.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4033
18 Apr 2012 — Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en el plug-in Zingiri Web Shop antes de v2.4.0 para WordPress tienen un impacto y vectores de ataque desconocidos. The Zingiri Web Shop plugin for WordPress has multiple vulnerabilities in versions up to, and including, 2.3.7. This is due to the inclusion of timthumb.php, along with several cross-site scripting and SQL injection vu... • http://forums.zingiri.com/announcements.php?aid=2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •