CVE-2012-6506 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.

Reference

http://plugins.trac.wordpress.org/changeset?reponame=&old=53761340zingiri-web-shop&new=53761340zingiri-web-shop http://secunia.com/advisories/48991 http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/ http://www.exploit-db.com/exploits/18787 http://www.osvdb.org/81492 http://www.osvdb.org/81493 http://www.securityfocus.com/bid/53278 https://exchange.xforce.ibmcloud.com/vulnerabilities/75178 https://exchange.xforce.ibmcloud.com/vulnerabilities/75179