CVE-2012-6506 – Zingiri Web Shop Plugin <= 2.4.1 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2012-6506

Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el plugin Zingiri Web Shop versión 2.4.0 para WordPress, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de los parámetros (1) page en el archivo zing.inc.php o (2) notes en el archivo fws/pages-front/onecheckout.php. Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php. • https://www.exploit-db.com/exploits/18787 http://plugins.trac.wordpress.org/changeset?reponame=&old=537613%40zingiri-web-shop&new=537613%40zingiri-web-shop http://secunia.com/advisories/48991 http://wordpress.org/extend/plugins/zingiri-web-shop/changelog http://www.exploit-db.com/exploits/18787 http://www.osvdb.org/81492 http://www.osvdb.org/81493 http://www.securityfocus.com/bid/53278 https://exchange.xforce.ibmcloud.com/vulnerabilities/75178 https://exchange.xforce.ibmcloud.com/v • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •