4 matches found
CVE-2007-5621
CVE-2007-5621 involves multiple cross-site scripting (XSS) vulnerabilities in the Drupal Token module. Affected are Token versions before 4.7.x-1.5 and 5.x before 5.x-1.9, as used by modules such as ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, an...
CVE-2008-1978
The CVE-2008-1978 entry describes an XSS vulnerability in the Ubercart 5.x for Drupal, specifically in the Ubercart 5.x before 5.x-1.0 rc3 module. The issue allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features (a vector d...
CVE-2008-1428
CVE-2008-1428 refers to multiple XSS vulnerabilities in the Ubercart 5.x for Drupal, exploitable via a text attribute value for a product. Affected release: Ubercart 5.x before 5.x-1.0-beta7. Connected documents confirm related Ubercart XSS CVEs with different vectors (e.g., node titles, address/...
CVE-2008-1916
CVE-2008-1916 is an XSS vulnerability in Ubercart 5.x for Drupal, exploitable via text fields for address and order information that are displayed on the order view and other admin pages. The connected PRION entries corroborate the vector as text attribute values for product-related fields, with ...