Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal ubercart module vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2008-1428
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x prior to 5.x-1.0-beta7 module for Drupal allow remote malicious users to inject arbitrary web script or HTML via a text attribute value for a product.
Drupal Ubercart Module
312
VMScore
CVE-2008-1978
Cross-site scripting (XSS) vulnerability in the Ubercart 5.x prior to 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428.
Drupal Ubercart Module
383
VMScore
CVE-2008-1916
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x prior to 5.x-1.0-rc1 module for Drupal allow remote malicious users to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on ...
Drupal Ubercart Module 5-1.0
312
VMScore
CVE-2007-5621
Multiple cross-site scripting (XSS) vulnerabilities in the Token module prior to 4.7.x-1.5, and 5.x prior to 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote auth...
Drupal Invite Module
Drupal Token Module
Drupal Drupal 5.2
Drupal Paypal Node Module
Drupal Node Relativity Module
Drupal Ubercart Module
Drupal Drupal 5.0
Drupal Pathauto Module
Drupal Drupal 4.7
Drupal E-commerce Module
Drupal Drupal 5.1
Drupal Asin Field Module
Drupal Fullname Field For Cck
668
VMScore
CVE-2015-5504
SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Novalnet Novalnet Payment Module Ubercart-
445
VMScore
CVE-2012-4482
The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote malicious users to purchase an item without paying via unspecified vectors.
Longwaveconsulting Ubercart Securetrading Payment Method Module 6.x-1.0
534
VMScore
CVE-2012-2301
The Ubercart module 6.x-2.x prior to 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors.
Ubercart Ubercart 6.x-2.4
Ubercart Ubercart 6.x-2.7
Ubercart Ubercart 6.x-2.2
Ubercart Ubercart 6.x-2.1
Ubercart Ubercart 6.x-2.3
Ubercart Ubercart 6.x-2.6
Ubercart Ubercart 6.x-2.0
605
VMScore
CVE-2013-7302
Session fixation vulnerability in the Ubercart module 6.x-2.x prior to 6.x-2.13 and 7.x-3.x prior to 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote malicious users to hijack web sessions by leveraging knowledge of the...
Ubercart Ubercart 6.x-2.0
Ubercart Ubercart 6.x-2.1
Ubercart Ubercart 6.x-2.2
Ubercart Ubercart 6.x-2.3
Ubercart Ubercart 6.x-2.4
Ubercart Ubercart 6.x-2.6
Ubercart Ubercart 6.x-2.7
Ubercart Ubercart 6.x-2.8
Ubercart Ubercart 6.x-2.9
Ubercart Ubercart 6.x-2.10
Ubercart Ubercart 6.x-2.11
Ubercart Ubercart 6.x-2.12
Ubercart Ubercart 7.x-3.0
Ubercart Ubercart 7.x-3.1
Ubercart Ubercart 7.x-3.2
Ubercart Ubercart 7.x-3.3
Ubercart Ubercart 7.x-3.4
Ubercart Ubercart 7.x-3.5
445
VMScore
CVE-2009-4771
The PayPal Website Payments Standard functionality in the Ubercart module 5.x prior to 5.x-1.9 and 6.x prior to 6.x-2.1 for Drupal does not properly validate orders, which allows remote malicious users to trigger unspecified "duplicate actions" via unknown vectors.
Ubercart Ubercart 5.x-1.0
Ubercart Ubercart 5.x-1.1
Ubercart Ubercart 5.x-1.2
Ubercart Ubercart 5.x-1.3
Ubercart Ubercart 5.x-1.4
Ubercart Ubercart 5.x-1.5
Ubercart Ubercart 5.x-1.6
Ubercart Ubercart 5.x-1.7
Ubercart Ubercart 5.x-1.8
Ubercart Ubercart 6.x-2.0
605
VMScore
CVE-2009-4773
Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x prior to 5.x-1.9 and 6.x prior to 6.x-2.1 for Drupal allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Ubercart Ubercart 5.x-1.0
Ubercart Ubercart 5.x-1.1
Ubercart Ubercart 5.x-1.2
Ubercart Ubercart 5.x-1.3
Ubercart Ubercart 5.x-1.4
Ubercart Ubercart 5.x-1.5
Ubercart Ubercart 5.x-1.6
Ubercart Ubercart 5.x-1.7
Ubercart Ubercart 5.x-1.8
Ubercart Ubercart 6.x-2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »