Show filters
26 Total Results
Displaying 21-26 of 26
Sort by:
Attacker Value
Unknown

CVE-2009-4773

Disclosure Date: April 20, 2010 (last updated October 04, 2023)
Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
0
Attacker Value
Unknown

CVE-2009-4771

Disclosure Date: April 20, 2010 (last updated October 04, 2023)
The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors.
0
Attacker Value
Unknown

CVE-2008-1978

Disclosure Date: April 27, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428.
0
Attacker Value
Unknown

CVE-2008-1916

Disclosure Date: April 23, 2008 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428.
0
Attacker Value
Unknown

CVE-2008-1428

Disclosure Date: March 20, 2008 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product.
0
Attacker Value
Unknown

CVE-2007-5621

Disclosure Date: October 22, 2007 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames.
0