5 matches found
VulnCheck KEV: CVE-2013-0322
Cross-site scripting XSS vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field...
CVE-2013-0322
Cross-site scripting XSS vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field...
CVE-2013-0322
Cross-site scripting XSS vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field...
CVE-2013-0322
CVE-2013-0322 affects the Drupal Ubercart module (7.x-3.x) prior to 7.x-3.4, with the XSS vulnerability arising in the Views integration when processing the full name field. The root cause is unsanitized output in the full name field, allowing remote attackers to inject arbitrary script/HTML. Pub...
SA-CONTRIB-2013-020 - Ubercart - Cross site scripting (XSS)
The Ubercart module for Drupal provides a shopping cart and e-commerce features for Drupal. The "full name" field in Views did not properly sanitize output. The vulnerability is mitigated by the fact that an attacker must get far enough in the checkout process to store their name with an order. C...