12 matches found
DRUPAL-CONTRIB-2025-110
This module allows you to use different currencies on your website and do currency conversion. The module doesn't sufficiently protect routes used to enable and disable currencies from Cross-Site Request Forgery (CSRF) attacks, potentially allowing an attacker to trick an admin into changing settin...
Arbitrary Price Manipulation
vendure is vulnerable to Arbitrary Price Manipulation. The vulnerability is due to the ability to specify an arbitrary currencyCode as a query parameter to an API call, allowing users to select any currencyCode and thus payments made through Mollie and Stripe in that particular currencyCode are...
YoroTrooper: Researchers Warn of Kazakhstan's Stealthy Cyber Espionage Group
A relatively new threat actor known as YoroTrooper is likely made up of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani...
NFT not minted when contributed via a supported payment terminal
Lines of code Vulnerability details Impact A contributor won't get an NFT they're eligible for if the payment is made through a payment terminal that's supported by the project but not by the NFT delegate. Proof of Concept A Juicebox project can use multiple payment terminals to receive...
تحويل العملات والصرف - Dynamic Code Loading, External URLs, Unsafe deleting vulnerabilities
HackApp vulnerability scanner discovered that application تحويل العملات والصرف published at the 'play' market has multiple vulnerabilities...
CVE-2015-3342
Open redirect vulnerability in the Ubercart Currency Conversion module before 6.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination query parameter...
Open redirect
Open redirect vulnerability in the Ubercart Currency Conversion module before 6.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination query parameter...
CVE-2015-3342
The CVE-2015-3342 vulnerability affects the Ubercart Currency Conversion module for Drupal (versions 6.x prior to 6.x-1.2). The issue is an open redirect: user-supplied input in the destination query parameter is not properly validated, enabling remote attackers to redirect users to arbitrary sit...
CVE-2015-3342
Open redirect vulnerability in the Ubercart Currency Conversion module before 6.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination query parameter...
Drupal Ubercart Currency Conversion Module Open Redirect Vulnerability
Drupal is a free and open source content management system developed in PHP. An open redirection vulnerability exists in the Drupal Ubercart Currency Conversion module due to the application failing to properly process user-supplied input. An attacker is allowed to exploit this vulnerability to...
SA-CONTRIB-2015-019 - Ubercart Currency Conversion - Open Redirect
This module enables users to change the currency of Ubercart products. When switching the currency, the user is redirected to a page specified in the destination query parameter. The module was not checking that the passed argument was an internal URL, thereby leading to an open redirect...
Unfixed XSS vulnerability at www.forexticket.fr
Security researcher Atmon3r has submitted on 01/08/2012 a cross-site-scripting (XSS) vulnerability affecting www.forexticket.fr, which at the time of submission ranked 65346 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 01/08/2012. It is...