Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ubercart ubercart - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-4354
Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module prior to 6.x-1.8 and 7.x prior to 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
Ubercart Webform Integration Project Ubercart Webform Integration 7.x-1.0
Ubercart Webform Integration Project Ubercart Webform Integration 6.x-1.0
Ubercart Webform Integration Project Ubercart Webform Integration 7.x-2.0
NA
CVE-2012-5802
The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certifi...
Ubercart Ubercart -
Paypal Paypal -
NA
CVE-2012-5803
The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid ...
Ubercart Ubercart -
Irata Authorize.net Module -
NA
CVE-2012-5804
The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid ce...
Ubercart Ubercart -
Cybersource Module Project Cybersource -
NA
CVE-2015-3342
Open redirect vulnerability in the Ubercart Currency Conversion module prior to 6.x-1.2 for Drupal allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination query parameter.
Ubercart Currency Conversion Project Ubercart Currency Conversion
NA
CVE-2015-4384
Cross-site scripting (XSS) vulnerability in the Ubercart Webform Checkout Pane module 6.x-3.x prior to 6.x-3.10 and 7.x-3.x prior to 7.x-3.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
Ubercart Webform Checkout Pane Project Ubercart Webform Checkout Pane 6.x-3.x
Ubercart Webform Checkout Pane Project Ubercart Webform Checkout Pane 7.x-3.x
NA
CVE-2008-1428
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x prior to 5.x-1.0-beta7 module for Drupal allow remote malicious users to inject arbitrary web script or HTML via a text attribute value for a product.
Drupal Ubercart Module
NA
CVE-2015-5504
SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Novalnet Novalnet Payment Module Ubercart-
NA
CVE-2008-1916
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x prior to 5.x-1.0-rc1 module for Drupal allow remote malicious users to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on ...
Drupal Ubercart Module 5-1.0
NA
CVE-2007-5621
Multiple cross-site scripting (XSS) vulnerabilities in the Token module prior to 4.7.x-1.5, and 5.x prior to 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote auth...
Drupal Drupal 5.2
Drupal E-commerce Module
Drupal Token Module
Drupal Asin Field Module
Drupal Drupal 4.7
Drupal Node Relativity Module
Drupal Pathauto Module
Drupal Drupal 5.0
Drupal Drupal 5.1
Drupal Paypal Node Module
Drupal Ubercart Module
Drupal Fullname Field For Cck
Drupal Invite Module
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »