Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ubercart ubercart - vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2015-4354
Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module prior to 6.x-1.8 and 7.x prior to 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
Ubercart Webform Integration Project Ubercart Webform Integration 7.x-1.0
Ubercart Webform Integration Project Ubercart Webform Integration 6.x-1.0
Ubercart Webform Integration Project Ubercart Webform Integration 7.x-2.0
516
VMScore
CVE-2012-5802
The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid certifi...
Ubercart Ubercart -
Paypal Paypal -
516
VMScore
CVE-2012-5803
The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid ...
Ubercart Ubercart -
Irata Authorize.net Module -
516
VMScore
CVE-2012-5804
The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid ce...
Ubercart Ubercart -
Cybersource Module Project Cybersource -
516
VMScore
CVE-2015-3342
Open redirect vulnerability in the Ubercart Currency Conversion module prior to 6.x-1.2 for Drupal allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination query parameter.
Ubercart Currency Conversion Project Ubercart Currency Conversion
312
VMScore
CVE-2015-4384
Cross-site scripting (XSS) vulnerability in the Ubercart Webform Checkout Pane module 6.x-3.x prior to 6.x-3.10 and 7.x-3.x prior to 7.x-3.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
Ubercart Webform Checkout Pane Project Ubercart Webform Checkout Pane 6.x-3.x
Ubercart Webform Checkout Pane Project Ubercart Webform Checkout Pane 7.x-3.x
383
VMScore
CVE-2008-1428
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x prior to 5.x-1.0-beta7 module for Drupal allow remote malicious users to inject arbitrary web script or HTML via a text attribute value for a product.
Drupal Ubercart Module
668
VMScore
CVE-2015-5504
SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Novalnet Novalnet Payment Module Ubercart-
383
VMScore
CVE-2008-1916
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x prior to 5.x-1.0-rc1 module for Drupal allow remote malicious users to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on ...
Drupal Ubercart Module 5-1.0
312
VMScore
CVE-2007-5621
Multiple cross-site scripting (XSS) vulnerabilities in the Token module prior to 4.7.x-1.5, and 5.x prior to 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote auth...
Drupal Drupal 5.2
Drupal E-commerce Module
Drupal Token Module
Drupal Asin Field Module
Drupal Drupal 4.7
Drupal Node Relativity Module
Drupal Pathauto Module
Drupal Drupal 5.0
Drupal Drupal 5.1
Drupal Paypal Node Module
Drupal Ubercart Module
Drupal Fullname Field For Cck
Drupal Invite Module
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »