3 matches found
CVE-2013-0321
Cross-site scripting XSS vulnerability in Views in the Ubercart Views ucviews module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field...
CVE-2013-0321
Cross-site scripting XSS vulnerability in Views in the Ubercart Views ucviews module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field...
SA-CONTRIB-2013-019 - Ubercart Views - Cross site scripting (XSS)
Ubercart Views provides Views integration for the Ubercart shopping cart module. The "full name" field in Views is not properly sanitized on output. The vulnerability is mitigated by the fact that an attacker must get far enough in the checkout process to store their name with an order. CVE...