CVE-2012-6506

{"id": "CVE-2012-6506", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-01-24T01:55:04.317", "references": [{"url": "http://plugins.trac.wordpress.org/changeset?reponame=&old=537613%40zingiri-web-shop&new=537613%40zingiri-web-shop", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/48991", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/18787", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/81492", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/81493", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/53278", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75178", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75179", "source": "cve@mitre.org"}, {"url": "http://plugins.trac.wordpress.org/changeset?reponame=&old=537613%40zingiri-web-shop&new=537613%40zingiri-web-shop", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/48991", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/18787", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/81492", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/81493", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/53278", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75178", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75179", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el plugin Zingiri Web Shop versi\u00f3n 2.4.0 para WordPress, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de los par\u00e1metros (1) page en el archivo zing.inc.php o (2) notes en el archivo fws/pages-front/onecheckout.php."}], "lastModified": "2024-11-21T01:46:14.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zingiri:zingiri_web_shop:2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07626EDD-D694-4524-AC51-F77C758B56C4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}