CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
99.7%
The Ubercart module for Drupal provides a shopping cart and e-commerce features for Drupal.
The “full name” field in Views did not properly sanitize output.
The vulnerability is mitigated by the fact that an attacker must get far enough in the checkout process to store their name with an order.
Drupal core is not affected. If you do not use the contributed Ubercart module, there is nothing you need to do.
Install the latest version:
Also see the Ubercart project page.