CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
81.1%
Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.
Vendor | Product | Version | CPE |
---|---|---|---|
zingiri | zingiri_web_shop | 2.4.0 | cpe:2.3:a:zingiri:zingiri_web_shop:2.4.0:*:*:*:*:*:*:* |
wordpress | wordpress | - | cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:* |
plugins.trac.wordpress.org/changeset?reponame=&old=537613%40zingiri-web-shop&new=537613%40zingiri-web-shop
secunia.com/advisories/48991
wordpress.org/extend/plugins/zingiri-web-shop/changelog/
www.exploit-db.com/exploits/18787
www.osvdb.org/81492
www.osvdb.org/81493
www.securityfocus.com/bid/53278
exchange.xforce.ibmcloud.com/vulnerabilities/75178
exchange.xforce.ibmcloud.com/vulnerabilities/75179