2 matches found
CVE-2012-1639
CVE-2012-1639 describes multiple cross-site scripting (XSS) vulnerabilities in the Drupal Commerce module for Drupal, specifically in the file product/commerce_product.module. The issue affects Drupal Commerce 7.x-1.1 and allows remote authenticated users to inject arbitrary web script or HTML vi...
CVE-2014-9025
The CVE corresponds to Drupal Commerce 7.x-1.x before 7.x-1.10, where the default checkout completion rule creates new user accounts with the email address as the username. This may disclose email addresses (information disclosure) to remote attackers via the checkout flow. Affected software: Dru...