2 matches found
CVE-2015-3342
The CVE-2015-3342 vulnerability affects the Ubercart Currency Conversion module for Drupal (versions 6.x prior to 6.x-1.2). The issue is an open redirect: user-supplied input in the destination query parameter is not properly validated, enabling remote attackers to redirect users to arbitrary sit...
SA-CONTRIB-2015-019 - Ubercart Currency Conversion - Open Redirect
This module enables users to change the currency of Ubercart products. When switching the currency, the user is redirected to a page specified in the destination query parameter. The module was not checking that the passed argument was an internal URL, thereby leading to an open redirect...