Cross-Site Scripting Vulnerabilities in Ubercart for Drupal
CVE-2008-1916

Currently unrated

Key Information:

Vendor: Drupal
Status: Ubercart Module
Vendor: CVE Published:; 23 April 2008

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in the Ubercart module prior to version 5.x-1.0-rc1 for Drupal, allowing remote attackers to craft and inject arbitrary web scripts or HTML. This exploitation can occur through text fields meant for address and order information, which may be improperly rendered on the order view and other administrative pages, potentially leading to unauthorized access and manipulation of user data.

References

http://drupal.org/node/241944

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2008/1083/references

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/41624

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Apr 23, 2008
Vulnerability Reserved
Apr 21, 2008