
36 vulnerabilities found for ubercart by ubercart

FKIE_CVE-2014-9026

Vulnerability from fkie_nvd - Published: 2014-11-20 17:50 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors.
Impacted products
Vendor Product Version
ubercart ubercart 7.x-3.0
ubercart ubercart 7.x-3.0
ubercart ubercart 7.x-3.0
ubercart ubercart 7.x-3.0
ubercart ubercart 7.x-3.0
ubercart ubercart 7.x-3.0
ubercart ubercart 7.x-3.0
ubercart ubercart 7.x-3.0
ubercart ubercart 7.x-3.0
ubercart ubercart 7.x-3.0
ubercart ubercart 7.x-3.0
ubercart ubercart 7.x-3.0
ubercart ubercart 7.x-3.1
ubercart ubercart 7.x-3.2
ubercart ubercart 7.x-3.3
ubercart ubercart 7.x-3.4
ubercart ubercart 7.x-3.5
ubercart ubercart 7.x-3.6
ubercart ubercart 7.x-3.7
ubercart ubercart 7.x-3.x-dev

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "D29EEA52-96A0-44C1-9071-B6EC9E6F8188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha1:*:*:*:drupal:*:*",
              "matchCriteriaId": "419FF425-63BD-49D1-84A3-8D0C1CDA751F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha2:*:*:*:drupal:*:*",
              "matchCriteriaId": "293C5C01-8107-4BD7-AD51-F5C15FE0F66A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha3:*:*:*:drupal:*:*",
              "matchCriteriaId": "FF9D8CEC-352B-4656-BBCF-03D5B2FFF8B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta1:*:*:*:drupal:*:*",
              "matchCriteriaId": "7499E4CD-6983-46DE-AA79-90F444209EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta2:*:*:*:drupal:*:*",
              "matchCriteriaId": "D20B8F86-B193-49B8-8E72-64D14E68044F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta3:*:*:*:drupal:*:*",
              "matchCriteriaId": "758AA6A4-7824-4C6B-A278-618772EBAE09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta4:*:*:*:drupal:*:*",
              "matchCriteriaId": "820CAF34-D490-4C2D-B461-9D10F2F52A46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc1:*:*:*:drupal:*:*",
              "matchCriteriaId": "4F16BEE5-8477-4D59-B4EB-34DD5EB1D422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc2:*:*:*:drupal:*:*",
              "matchCriteriaId": "13602E33-A429-41C0-8CDA-C8C4EA3B6312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc3:*:*:*:drupal:*:*",
              "matchCriteriaId": "D1CEE3CD-B16B-4DE4-8788-E7AA63700A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc4:*:*:*:drupal:*:*",
              "matchCriteriaId": "FC73007D-B606-4F00-9C81-ACDC5480B87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.1:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "5053FE19-96CB-4326-9DF9-CBC964A2CF84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.2:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "EC4CE436-D86F-42B7-8050-278D7FB3CA46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.3:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "1F162A40-ED3B-4188-B571-DCFE4E74DAA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.4:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "E16BE816-EE47-478D-96C5-7010C6245DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.5:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "72DFE9B2-0A8A-4AEE-BD90-22097C8A396F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.6:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "38067B2B-634D-4C96-90CB-1A1E6A93F09F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.7:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "2DBB449B-2436-4231-91B2-C8648A3FEDA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.x-dev:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "7FD6E5A5-303F-420E-8AF1-0B5BE8A4DCD0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the \"view own orders\" permission to obtain sensitive information via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo Ubercart 7.x-3.x anterior a 7.x-3.7 para Drupal no protege correctamente la vista del historial de pedidos de cada usuario, lo que permite a usuarios remotos autenticados con el permiso \u0027visualizar propios ordenes\u0027 obtener informaci\u00f3n sensible a trav\u00e9s de vectores sin especificar."
    }
  ],
  "id": "CVE-2014-9026",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-20T17:50:15.660",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://www.drupal.org/node/2336109"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/node/2336259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.drupal.org/node/2336109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.drupal.org/node/2336259"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-2301

Vulnerability from fkie_nvd - Published: 2014-11-16 02:59 - Updated: 2025-04-12 10:46

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "2BCBA1DC-F8A5-4F2F-9752-28CC6C8FFD2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.1:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "810AB8A1-2985-4CD1-B35E-7F4409681B5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.2:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "31A48AE4-6112-41DC-AA23-E41A9C998506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.3:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "86215DE2-5454-4B5C-B8B6-AC6EC6AD428B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.4:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "8C60FC17-5C92-4816-9C1D-8F1175216A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.6:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "5EA1FA09-3303-4CA4-AEEA-FD0E83BC787D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.7:*:*:*:*:drupal:*:*",
              "matchCriteriaId": "83C4A799-5ABE-47D6-83BF-828CFA44EC17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the \"administer product classes\" permission to execute arbitrary PHP code via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo Ubercart 6.x-2.x anterior a 6.x-2.8 para Drupal permite a usuarios remotos autenticados con permisos de administraci\u00f3n de clases de productos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-2301",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-16T02:59:00.137",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1547506"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1547508"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1547674"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48935"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/53251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1547506"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1547508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1547674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53251"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-7302

Vulnerability from fkie_nvd - Published: 2014-04-29 14:38 - Updated: 2025-04-12 10:46
Severity ?
Summary
Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDF7E74D-91D0-49FF-A71A-63B20EFF0E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B4C87025-FF3C-41B5-B52C-37F796F4973A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7385D-617D-4099-B5F3-09A0EDA14133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "91D74566-3865-4F58-8509-0FA3A63E7D7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "2ED83941-C6B5-4771-8668-1B4DD2D889DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "4209AD2B-501C-43BC-AA05-88AF06B87EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "3A7D65E3-98AA-42E4-95B7-7E2505423484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "B1EC6578-162C-4453-BBBD-71AF61E9B2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E1FD57E7-11AA-4143-A012-EC616241A190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "440346E5-0B77-4F0E-99A7-B68B6B438DC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "75BA114E-DA1B-4EFE-B628-4F595AB3EFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "022F1C03-BDB5-457E-AD5B-3BC9B79FB82A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "C82D96AB-67DF-4002-9BE6-6D0D0BE4CE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "68A7835B-975C-400D-A24A-779A7C8FA8E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "B4FBEE67-FF86-4796-9A41-48FE1A84ADA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52ED25DF-7F6B-4725-B837-C544F5D7CF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BF3F0CC-434F-4BB5-A1E0-C8D9A840249B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "38526BF4-4387-48DB-B297-6F723C2C16C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75364B1F-5D1E-4BE2-996D-262FBAE92142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "28718ABE-3284-4DD0-AC64-91EF9EBEE912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "190B6BCD-55BC-4C18-8554-75B1C857513E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB74115-1633-4A2C-94D0-1A85FE4A10B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE04BC5-0630-4919-B59A-0E3DD425E034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52D7FC2-5A12-4696-980A-4790BA34024B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D826F3F-574F-4223-84FF-19FC2F746864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B158209-72C5-4171-A17E-F14D55418C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BC3A61-E7DB-4DBC-94CC-9044924565D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "A6D24014-F825-48EF-B6F3-5833FE2A0B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "151306C9-2F74-40D2-91B4-83F1462C9C3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "876E0000-FB61-4772-B276-69EA82EBA6A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "74015B5D-E453-4929-AFE5-F796B3372996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "74B174EB-05D1-49A0-932E-108D48A86123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7A3863C1-4C78-4E73-B7CF-B652BE6B6CCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "CBE8363A-30FB-412D-8EB0-B11EBE44746B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "32A8EFC1-A98A-400F-B500-A56DB9EEFC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6AED1B86-A20F-4C7E-A920-31553A4716EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "67F969B8-9FD7-4A58-826B-626598B4AE9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "85E02C58-8311-4441-B55C-2E5A41A63993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "326F858F-B04E-44B2-B7F8-A011A8856AF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A86D61B8-A2BF-45C5-9CBB-DEF7A612E3B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A290F817-BAB5-466B-8131-6D3532BD5723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DE42D13-5230-4DCE-8483-6AEF849E54D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B7BC082-E29C-49FA-BA15-7753D84D574B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8855848F-CBF8-4766-B220-8D3E031F2E33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the \"Log in new customers after checkout\" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en el m\u00f3dulo Ubercart 6.x-2.x anterior a 6.x-2.13 y 7.x-3.x anterior a 7.x-3.6 para Drupal, cuando la opci\u00f3n \"Registrar clientes nuevos despu\u00e9s de comprobaci\u00f3n\" est\u00e1 habilitada, permite a atacantes remotos secuestrar sesiones web mediante el aprovechamiento de conocimiento del identificador de sesi\u00f3n original."
    }
  ],
  "id": "CVE-2013-7302",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-29T14:38:49.907",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2158565"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2158567"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/2158651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2158565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://drupal.org/node/2158567"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/2158651"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-0322

Vulnerability from fkie_nvd - Published: 2013-03-27 21:55 - Updated: 2025-04-11 00:51

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BC3A61-E7DB-4DBC-94CC-9044924565D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "A6D24014-F825-48EF-B6F3-5833FE2A0B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "151306C9-2F74-40D2-91B4-83F1462C9C3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "876E0000-FB61-4772-B276-69EA82EBA6A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "74015B5D-E453-4929-AFE5-F796B3372996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "74B174EB-05D1-49A0-932E-108D48A86123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7A3863C1-4C78-4E73-B7CF-B652BE6B6CCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "CBE8363A-30FB-412D-8EB0-B11EBE44746B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "32A8EFC1-A98A-400F-B500-A56DB9EEFC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6AED1B86-A20F-4C7E-A920-31553A4716EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "67F969B8-9FD7-4A58-826B-626598B4AE9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "85E02C58-8311-4441-B55C-2E5A41A63993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "326F858F-B04E-44B2-B7F8-A011A8856AF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A86D61B8-A2BF-45C5-9CBB-DEF7A612E3B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A290F817-BAB5-466B-8131-6D3532BD5723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DE42D13-5230-4DCE-8483-6AEF849E54D0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field."
    },
    {
      "lang": "es",
      "value": "Ejecuci\u00f3n de secuencias de comandos en sitios cruzados(XSS) en Views en el m\u00f3dulo Ubercart v7.x-3.x antes v7.x-3.4 para Drupal que permite a atacantes remotos inyectar web script o HTML a trav\u00e9s del campo Nombre completo."
    }
  ],
  "id": "CVE-2013-0322",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-03-27T21:55:02.300",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1922136"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1922418"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/52298"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1922136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1922418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/52298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-5803

Vulnerability from fkie_nvd - Published: 2012-11-04 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Impacted products
Vendor Product Version
irata authorize.net_module -
ubercart ubercart -

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:irata:authorize.net_module:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3BF81D1-E750-4246-ADFE-24579A8DFE38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8037027A-FBCA-4E26-8033-41ED781D2822",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo Authorize.Net en UberCart no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a trav\u00e9s de un certificado v\u00e1lido de su elecci\u00f3n."
    }
  ],
  "id": "CVE-2012-5803",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-11-04T22:55:04.123",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79948"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-5802

Vulnerability from fkie_nvd - Published: 2012-11-04 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Impacted products
Vendor Product Version
paypal paypal -
ubercart ubercart -

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:paypal:paypal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3D0332-B1F8-424E-BDDC-EB83C3192AE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8037027A-FBCA-4E26-8033-41ED781D2822",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo PayPal en UberCart no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a trav\u00e9s de un certificado v\u00e1lido de su elecci\u00f3n."
    }
  ],
  "id": "CVE-2012-5802",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-11-04T22:55:04.077",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79949"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-5804

Vulnerability from fkie_nvd - Published: 2012-11-04 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybersource_module_project:cybersource:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19E68C56-51FC-4D9F-AAEE-FD986A7D9E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8037027A-FBCA-4E26-8033-41ED781D2822",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo CyberSource en Ubercart no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a trav\u00e9s de un certificado v\u00e1lido de su elecci\u00f3n."
    }
  ],
  "id": "CVE-2012-5804",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-11-04T22:55:04.153",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79947"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-2300

Vulnerability from fkie_nvd - Published: 2012-08-14 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDF7E74D-91D0-49FF-A71A-63B20EFF0E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B4C87025-FF3C-41B5-B52C-37F796F4973A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7385D-617D-4099-B5F3-09A0EDA14133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "91D74566-3865-4F58-8509-0FA3A63E7D7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "2ED83941-C6B5-4771-8668-1B4DD2D889DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "4209AD2B-501C-43BC-AA05-88AF06B87EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "3A7D65E3-98AA-42E4-95B7-7E2505423484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "B1EC6578-162C-4453-BBBD-71AF61E9B2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E1FD57E7-11AA-4143-A012-EC616241A190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "440346E5-0B77-4F0E-99A7-B68B6B438DC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "75BA114E-DA1B-4EFE-B628-4F595AB3EFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "022F1C03-BDB5-457E-AD5B-3BC9B79FB82A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "C82D96AB-67DF-4002-9BE6-6D0D0BE4CE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "68A7835B-975C-400D-A24A-779A7C8FA8E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "B4FBEE67-FF86-4796-9A41-48FE1A84ADA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52ED25DF-7F6B-4725-B837-C544F5D7CF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BF3F0CC-434F-4BB5-A1E0-C8D9A840249B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "38526BF4-4387-48DB-B297-6F723C2C16C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75364B1F-5D1E-4BE2-996D-262FBAE92142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "28718ABE-3284-4DD0-AC64-91EF9EBEE912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "190B6BCD-55BC-4C18-8554-75B1C857513E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BC3A61-E7DB-4DBC-94CC-9044924565D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "A6D24014-F825-48EF-B6F3-5833FE2A0B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "151306C9-2F74-40D2-91B4-83F1462C9C3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "876E0000-FB61-4772-B276-69EA82EBA6A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "74015B5D-E453-4929-AFE5-F796B3372996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "74B174EB-05D1-49A0-932E-108D48A86123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7A3863C1-4C78-4E73-B7CF-B652BE6B6CCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "CBE8363A-30FB-412D-8EB0-B11EBE44746B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "32A8EFC1-A98A-400F-B500-A56DB9EEFC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6AED1B86-A20F-4C7E-A920-31553A4716EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "67F969B8-9FD7-4A58-826B-626598B4AE9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "85E02C58-8311-4441-B55C-2E5A41A63993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "326F858F-B04E-44B2-B7F8-A011A8856AF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el m\u00f3dulo Ubercart v6.x-2.x antes de v6.x-2.8 y v7.x-3.x antes de v7.x-3.1 para Drupal permiten inyectar secuencias de comandos web o HTML a usuarios remotos autenticados con permisos de administraci\u00f3n de clases de productos a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-2300",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-08-14T22:55:02.127",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1547506"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1547508"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1547674"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48935"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/53251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1547506"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1547508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1547674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53251"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-2299

Vulnerability from fkie_nvd - Published: 2012-08-14 22:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDF7E74D-91D0-49FF-A71A-63B20EFF0E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B4C87025-FF3C-41B5-B52C-37F796F4973A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7385D-617D-4099-B5F3-09A0EDA14133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "91D74566-3865-4F58-8509-0FA3A63E7D7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "2ED83941-C6B5-4771-8668-1B4DD2D889DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "4209AD2B-501C-43BC-AA05-88AF06B87EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "3A7D65E3-98AA-42E4-95B7-7E2505423484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "B1EC6578-162C-4453-BBBD-71AF61E9B2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E1FD57E7-11AA-4143-A012-EC616241A190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "440346E5-0B77-4F0E-99A7-B68B6B438DC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "75BA114E-DA1B-4EFE-B628-4F595AB3EFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "022F1C03-BDB5-457E-AD5B-3BC9B79FB82A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "C82D96AB-67DF-4002-9BE6-6D0D0BE4CE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "68A7835B-975C-400D-A24A-779A7C8FA8E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "B4FBEE67-FF86-4796-9A41-48FE1A84ADA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52ED25DF-7F6B-4725-B837-C544F5D7CF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BF3F0CC-434F-4BB5-A1E0-C8D9A840249B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "38526BF4-4387-48DB-B297-6F723C2C16C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "75364B1F-5D1E-4BE2-996D-262FBAE92142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "28718ABE-3284-4DD0-AC64-91EF9EBEE912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "190B6BCD-55BC-4C18-8554-75B1C857513E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BC3A61-E7DB-4DBC-94CC-9044924565D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "A6D24014-F825-48EF-B6F3-5833FE2A0B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "151306C9-2F74-40D2-91B4-83F1462C9C3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "876E0000-FB61-4772-B276-69EA82EBA6A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "74015B5D-E453-4929-AFE5-F796B3372996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "74B174EB-05D1-49A0-932E-108D48A86123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "7A3863C1-4C78-4E73-B7CF-B652BE6B6CCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "CBE8363A-30FB-412D-8EB0-B11EBE44746B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "32A8EFC1-A98A-400F-B500-A56DB9EEFC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "6AED1B86-A20F-4C7E-A920-31553A4716EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "67F969B8-9FD7-4A58-826B-626598B4AE9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "85E02C58-8311-4441-B55C-2E5A41A63993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "326F858F-B04E-44B2-B7F8-A011A8856AF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo Ubercart v6.x-2.x antes de v6.x-2.8 y v7.x-3.x antes de v7.x-3.1 para Drupal almacena las contrase\u00f1as para los nuevos clientes en texto plano durante el pago, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de la base de datos.\r\n"
    }
  ],
  "id": "CVE-2012-2299",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-08-14T22:55:02.080",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1547506"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1547508"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1547674"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48935"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/53251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1547506"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1547508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1547674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53251"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-4771

Vulnerability from fkie_nvd - Published: 2010-04-20 14:30 - Updated: 2025-04-11 00:51
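Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:P/A:N; NVD primary assessment from the record below)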
Summary
The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1506E9-AC3A-4D98-A62F-7B7FDE07352D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "36EA60B3-B083-498B-A597-B49B79A0623E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "589F977E-C734-4C3F-BCEF-8725578CDC55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "814F24C2-B300-47B6-B9AF-C08CB0780C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "E532108F-1F14-4878-80B5-4D52A9B0F88C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "79B708C2-04A9-41CE-8584-83033CABFDFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "B01F7AB1-E52E-4D4C-969F-B8AA5624502D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha6b:*:*:*:*:*:*",
              "matchCriteriaId": "C7B26EB1-D24C-4AC9-8314-2BC7C20E7FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha6c:*:*:*:*:*:*",
              "matchCriteriaId": "2B852140-F0FB-45AC-BB06-073F39340D52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7:*:*:*:*:*:*",
              "matchCriteriaId": "EE5C2E2D-F474-4E89-AB72-88EFA3886ADB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7b:*:*:*:*:*:*",
              "matchCriteriaId": "4C978726-355A-4DF0-ABEA-C7CD90953B20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7c:*:*:*:*:*:*",
              "matchCriteriaId": "EF83D438-C2E5-44E9-A477-48D084EDB8A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7d:*:*:*:*:*:*",
              "matchCriteriaId": "4381C614-F280-482D-AB87-12B0723BB944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7e:*:*:*:*:*:*",
              "matchCriteriaId": "CFAAB216-B175-4C53-AA9E-B21674579642",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha8:*:*:*:*:*:*",
              "matchCriteriaId": "23C9DAE6-3FD9-4B56-BD47-BACBB2BACB68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "957D8BAE-5892-48C1-943C-84AA27C357C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "2FC90E73-8D76-430F-99E8-6590453E3223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "A3E3AFF8-F9BF-439E-B848-7F090CC0D8FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "05199049-F50B-4D24-8F51-B075A01EC38F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "FBAAD07D-1167-453A-94BD-B7C496BC7BF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "D74CA2E7-33CC-4ED0-B23A-3E1C93ADC5AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "6D22ABDA-4390-40CB-B033-0FF8427A6D84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "976464C9-3468-436C-A04D-9E9558F8DFCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7F25EF22-E4FF-4FE1-9F2C-22A319762821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "53AC389E-1FA5-437C-983C-ED203AEE04B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "CDCD215A-37E9-4486-B509-D1AA0073B1E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D1124B20-DBB0-48DF-A2F4-31C6A83F5B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4CCA391-995C-4BAE-9054-6F23914D7D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6CB6E83-F521-4F88-AF16-434F61474CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D6CD89-AFE8-43F5-9748-8A0B43241B70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DEAEFBB1-6557-4990-AD8D-03440330F36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "42319013-7B7A-48B6-91E1-DEA1440045E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF2B9EEB-AB73-41E5-A175-7D5C8992166D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B27EE2E-989F-48E6-A5EF-B72BDFF21703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6910A11-0B31-4CD2-AAA4-89702D1F1B5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A927F877-546B-4CCD-8ED3-4C4029C8B8D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDF7E74D-91D0-49FF-A71A-63B20EFF0E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B4C87025-FF3C-41B5-B52C-37F796F4973A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7385D-617D-4099-B5F3-09A0EDA14133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "91D74566-3865-4F58-8509-0FA3A63E7D7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "2ED83941-C6B5-4771-8668-1B4DD2D889DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "4209AD2B-501C-43BC-AA05-88AF06B87EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "3A7D65E3-98AA-42E4-95B7-7E2505423484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "B1EC6578-162C-4453-BBBD-71AF61E9B2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E1FD57E7-11AA-4143-A012-EC616241A190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "440346E5-0B77-4F0E-99A7-B68B6B438DC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "75BA114E-DA1B-4EFE-B628-4F595AB3EFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "022F1C03-BDB5-457E-AD5B-3BC9B79FB82A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "C82D96AB-67DF-4002-9BE6-6D0D0BE4CE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "68A7835B-975C-400D-A24A-779A7C8FA8E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "B4FBEE67-FF86-4796-9A41-48FE1A84ADA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified \"duplicate actions\" via unknown vectors."
    },
    {
      "lang": "es",
      "value": "la funcionalidad de \"PayPal Website Payments Standard\" (est\u00e1ndar de pago del sitio PayPal) del m\u00f3dulo Ubercart v5.x anteriores a la v5.x-1.9 y v6.x anteriores a la v6.x-2.1 de Drupal no valida apropiadamente los pedidos, lo que permite a atacantes remotos ejecutar \"acciones duplicadas\" sin especificar a trav\u00e9s de vectores de ataque desconocidos."
    }
  ],
  "id": "CVE-2009-4771",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-04-20T14:30:01.413",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/636576"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/60290"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37440"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37058"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/636576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/60290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54346"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-4772

Vulnerability from fkie_nvd - Published: 2010-04-20 14:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1506E9-AC3A-4D98-A62F-7B7FDE07352D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "36EA60B3-B083-498B-A597-B49B79A0623E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "589F977E-C734-4C3F-BCEF-8725578CDC55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "814F24C2-B300-47B6-B9AF-C08CB0780C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "E532108F-1F14-4878-80B5-4D52A9B0F88C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "79B708C2-04A9-41CE-8584-83033CABFDFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "B01F7AB1-E52E-4D4C-969F-B8AA5624502D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha6b:*:*:*:*:*:*",
              "matchCriteriaId": "C7B26EB1-D24C-4AC9-8314-2BC7C20E7FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha6c:*:*:*:*:*:*",
              "matchCriteriaId": "2B852140-F0FB-45AC-BB06-073F39340D52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7:*:*:*:*:*:*",
              "matchCriteriaId": "EE5C2E2D-F474-4E89-AB72-88EFA3886ADB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7b:*:*:*:*:*:*",
              "matchCriteriaId": "4C978726-355A-4DF0-ABEA-C7CD90953B20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7c:*:*:*:*:*:*",
              "matchCriteriaId": "EF83D438-C2E5-44E9-A477-48D084EDB8A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7d:*:*:*:*:*:*",
              "matchCriteriaId": "4381C614-F280-482D-AB87-12B0723BB944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7e:*:*:*:*:*:*",
              "matchCriteriaId": "CFAAB216-B175-4C53-AA9E-B21674579642",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha8:*:*:*:*:*:*",
              "matchCriteriaId": "23C9DAE6-3FD9-4B56-BD47-BACBB2BACB68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "957D8BAE-5892-48C1-943C-84AA27C357C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "2FC90E73-8D76-430F-99E8-6590453E3223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "A3E3AFF8-F9BF-439E-B848-7F090CC0D8FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "05199049-F50B-4D24-8F51-B075A01EC38F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "FBAAD07D-1167-453A-94BD-B7C496BC7BF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "D74CA2E7-33CC-4ED0-B23A-3E1C93ADC5AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "6D22ABDA-4390-40CB-B033-0FF8427A6D84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "976464C9-3468-436C-A04D-9E9558F8DFCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7F25EF22-E4FF-4FE1-9F2C-22A319762821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "53AC389E-1FA5-437C-983C-ED203AEE04B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "CDCD215A-37E9-4486-B509-D1AA0073B1E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D1124B20-DBB0-48DF-A2F4-31C6A83F5B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4CCA391-995C-4BAE-9054-6F23914D7D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6CB6E83-F521-4F88-AF16-434F61474CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D6CD89-AFE8-43F5-9748-8A0B43241B70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DEAEFBB1-6557-4990-AD8D-03440330F36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "42319013-7B7A-48B6-91E1-DEA1440045E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF2B9EEB-AB73-41E5-A175-7D5C8992166D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B27EE2E-989F-48E6-A5EF-B72BDFF21703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6910A11-0B31-4CD2-AAA4-89702D1F1B5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A927F877-546B-4CCD-8ED3-4C4029C8B8D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDF7E74D-91D0-49FF-A71A-63B20EFF0E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B4C87025-FF3C-41B5-B52C-37F796F4973A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7385D-617D-4099-B5F3-09A0EDA14133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "91D74566-3865-4F58-8509-0FA3A63E7D7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "2ED83941-C6B5-4771-8668-1B4DD2D889DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "4209AD2B-501C-43BC-AA05-88AF06B87EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "3A7D65E3-98AA-42E4-95B7-7E2505423484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "B1EC6578-162C-4453-BBBD-71AF61E9B2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E1FD57E7-11AA-4143-A012-EC616241A190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "440346E5-0B77-4F0E-99A7-B68B6B438DC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "75BA114E-DA1B-4EFE-B628-4F595AB3EFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "022F1C03-BDB5-457E-AD5B-3BC9B79FB82A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "C82D96AB-67DF-4002-9BE6-6D0D0BE4CE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "68A7835B-975C-400D-A24A-779A7C8FA8E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "B4FBEE67-FF86-4796-9A41-48FE1A84ADA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad sin especificar en la funcionalidad de \"PayPal Website Payments Standard\" (est\u00e1ndar de pago del sitio PayPal) del m\u00f3dulo Ubercart v5.x anteriores a la v5.x-1.9 y v6.x anteriores a la v6.x-2.1 de Drupal. Cuando se habilita un mensaje modificado de fin de la confirmaci\u00f3n, permite a los atacantes obtener informaci\u00f3n confidencial a trav\u00e9s de vectores de ataque sin especificar."
    }
  ],
  "id": "CVE-2009-4772",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-04-20T14:30:01.443",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/636576"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/60291"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37440"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/37058"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/636576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/60291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/37058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54345"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-4773

Vulnerability from fkie_nvd - Published: 2010-04-20 14:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1506E9-AC3A-4D98-A62F-7B7FDE07352D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "36EA60B3-B083-498B-A597-B49B79A0623E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "589F977E-C734-4C3F-BCEF-8725578CDC55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "814F24C2-B300-47B6-B9AF-C08CB0780C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "E532108F-1F14-4878-80B5-4D52A9B0F88C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "79B708C2-04A9-41CE-8584-83033CABFDFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "B01F7AB1-E52E-4D4C-969F-B8AA5624502D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha6b:*:*:*:*:*:*",
              "matchCriteriaId": "C7B26EB1-D24C-4AC9-8314-2BC7C20E7FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha6c:*:*:*:*:*:*",
              "matchCriteriaId": "2B852140-F0FB-45AC-BB06-073F39340D52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7:*:*:*:*:*:*",
              "matchCriteriaId": "EE5C2E2D-F474-4E89-AB72-88EFA3886ADB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7b:*:*:*:*:*:*",
              "matchCriteriaId": "4C978726-355A-4DF0-ABEA-C7CD90953B20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7c:*:*:*:*:*:*",
              "matchCriteriaId": "EF83D438-C2E5-44E9-A477-48D084EDB8A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7d:*:*:*:*:*:*",
              "matchCriteriaId": "4381C614-F280-482D-AB87-12B0723BB944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha7e:*:*:*:*:*:*",
              "matchCriteriaId": "CFAAB216-B175-4C53-AA9E-B21674579642",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:alpha8:*:*:*:*:*:*",
              "matchCriteriaId": "23C9DAE6-3FD9-4B56-BD47-BACBB2BACB68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "957D8BAE-5892-48C1-943C-84AA27C357C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "2FC90E73-8D76-430F-99E8-6590453E3223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "A3E3AFF8-F9BF-439E-B848-7F090CC0D8FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "05199049-F50B-4D24-8F51-B075A01EC38F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "FBAAD07D-1167-453A-94BD-B7C496BC7BF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "D74CA2E7-33CC-4ED0-B23A-3E1C93ADC5AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "6D22ABDA-4390-40CB-B033-0FF8427A6D84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "976464C9-3468-436C-A04D-9E9558F8DFCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7F25EF22-E4FF-4FE1-9F2C-22A319762821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "53AC389E-1FA5-437C-983C-ED203AEE04B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "CDCD215A-37E9-4486-B509-D1AA0073B1E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "D1124B20-DBB0-48DF-A2F4-31C6A83F5B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4CCA391-995C-4BAE-9054-6F23914D7D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6CB6E83-F521-4F88-AF16-434F61474CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D6CD89-AFE8-43F5-9748-8A0B43241B70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DEAEFBB1-6557-4990-AD8D-03440330F36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "42319013-7B7A-48B6-91E1-DEA1440045E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF2B9EEB-AB73-41E5-A175-7D5C8992166D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B27EE2E-989F-48E6-A5EF-B72BDFF21703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6910A11-0B31-4CD2-AAA4-89702D1F1B5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:5.x-1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A927F877-546B-4CCD-8ED3-4C4029C8B8D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDF7E74D-91D0-49FF-A71A-63B20EFF0E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "B4C87025-FF3C-41B5-B52C-37F796F4973A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7385D-617D-4099-B5F3-09A0EDA14133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "91D74566-3865-4F58-8509-0FA3A63E7D7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "2ED83941-C6B5-4771-8668-1B4DD2D889DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "4209AD2B-501C-43BC-AA05-88AF06B87EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "3A7D65E3-98AA-42E4-95B7-7E2505423484",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:dev:*:*:*:*:*:*",
              "matchCriteriaId": "B1EC6578-162C-4453-BBBD-71AF61E9B2C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E1FD57E7-11AA-4143-A012-EC616241A190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "440346E5-0B77-4F0E-99A7-B68B6B438DC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "75BA114E-DA1B-4EFE-B628-4F595AB3EFEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "022F1C03-BDB5-457E-AD5B-3BC9B79FB82A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "C82D96AB-67DF-4002-9BE6-6D0D0BE4CE82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "68A7835B-975C-400D-A24A-779A7C8FA8E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "B4FBEE67-FF86-4796-9A41-48FE1A84ADA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la funcionalidad \"order-management\" (gesti\u00f3n de \u00f3rdenes) en el m\u00f3dulo Ubercart v5.x anteriores a la  v5.x-1.9 y v6.x anteriores a la v6.x-2.1 de Drupal. Permite a usuarios remotos autenticados secuestrar la autenticaci\u00f3n de v\u00edctimas sin especificar a trav\u00e9s de vectores de ataque desconocidos."
    }
  ],
  "id": "CVE-2009-4773",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-04-20T14:30:01.490",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/636576"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/60292"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37440"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/37058"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/636576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/60292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/37058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54344"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-9026 (GCVE-0-2014-9026)

Vulnerability from cvelistv5 – Published: 2014-11-20 17:00 – Updated: 2024-09-16 16:48
Summary
The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors.
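Severity: no CVSS data available in this record. Its structured `affected` entry is also `n/a`, so the affected range (7.x-3.x before 7.x-3.7) appears only in the description text and will not be found by tooling that matches on the `affected` field of this record.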
CWE
  • n/a
Assigner: mitre
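References
https://www.drupal.org/node/2336259 x_refsource_MISC
https://www.drupal.org/node/2336109 x_refsource_CONFIRM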

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:33:13.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2336259"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2336109"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the \"view own orders\" permission to obtain sensitive information via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-20T17:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.drupal.org/node/2336259"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/node/2336109"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9026",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the \"view own orders\" permission to obtain sensitive information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.drupal.org/node/2336259",
              "refsource": "MISC",
              "url": "https://www.drupal.org/node/2336259"
            },
            {
              "name": "https://www.drupal.org/node/2336109",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/node/2336109"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9026",
    "datePublished": "2014-11-20T17:00:00Z",
    "dateReserved": "2014-11-20T00:00:00Z",
    "dateUpdated": "2024-09-16T16:48:17.015Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2301 (GCVE-0-2012-2301)

Vulnerability from cvelistv5 – Published: 2014-11-16 02:00 – Updated: 2024-08-06 19:26
Summary
The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors.
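Severity: no CVSS data available in this record. Its structured `affected` entry is also `n/a`, so the affected range (6.x-2.x before 6.x-2.8) appears only in the description text and will not be found by tooling that matches on the `affected` field of this record.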
CWE
  • n/a
Assigner: redhat
References
http://www.openwall.com/lists/oss-security/2012/05/03/2 mailing-list, x_refsource_MLIST
http://drupal.org/node/1547506 x_refsource_MISC
http://secunia.com/advisories/48935 third-party-advisory, x_refsource_SECUNIA
http://drupal.org/node/1547674 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/05/03/1 mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/53251 vdb-entry, x_refsource_BID
http://drupal.org/node/1547508 x_refsource_MISC

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:09.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547506"
          },
          {
            "name": "48935",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48935"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547674"
          },
          {
            "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
          },
          {
            "name": "53251",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53251"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547508"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the \"administer product classes\" permission to execute arbitrary PHP code via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-16T01:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1547506"
        },
        {
          "name": "48935",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48935"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1547674"
        },
        {
          "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
        },
        {
          "name": "53251",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53251"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1547508"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2301",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the \"administer product classes\" permission to execute arbitrary PHP code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
            },
            {
              "name": "http://drupal.org/node/1547506",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1547506"
            },
            {
              "name": "48935",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48935"
            },
            {
              "name": "http://drupal.org/node/1547674",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1547674"
            },
            {
              "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
            },
            {
              "name": "53251",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53251"
            },
            {
              "name": "http://drupal.org/node/1547508",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1547508"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2301",
    "datePublished": "2014-11-16T02:00:00",
    "dateReserved": "2012-04-19T00:00:00",
    "dateUpdated": "2024-08-06T19:26:09.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-7302 (GCVE-0-2013-7302)

Vulnerability from cvelistv5 – Published: 2014-04-29 14:00 – Updated: 2024-08-06 18:01
Summary
Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.
Severity: No CVSS data available. The record below carries no metrics block, so the missing score is not a low-severity rating.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:01:20.579Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2158651"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2158567"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2158565"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the \"Log in new customers after checkout\" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-04-29T12:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drupal.org/node/2158651"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://drupal.org/node/2158567"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://drupal.org/node/2158565"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-7302",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the \"Log in new customers after checkout\" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://drupal.org/node/2158651",
              "refsource": "MISC",
              "url": "https://drupal.org/node/2158651"
            },
            {
              "name": "https://drupal.org/node/2158567",
              "refsource": "CONFIRM",
              "url": "https://drupal.org/node/2158567"
            },
            {
              "name": "https://drupal.org/node/2158565",
              "refsource": "CONFIRM",
              "url": "https://drupal.org/node/2158565"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-7302",
    "datePublished": "2014-04-29T14:00:00",
    "dateReserved": "2014-01-20T00:00:00",
    "dateUpdated": "2024-08-06T18:01:20.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0322 (GCVE-0-2013-0322)

Vulnerability from cvelistv5 – Published: 2013-03-27 21:00 – Updated: 2024-08-06 14:25
Summary
Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.
Severity: No CVSS data available. The record below carries no metrics block, so the missing score is not a low-severity rating.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:25:09.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5"
          },
          {
            "name": "52298",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52298"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1922136"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1922418"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-07-19T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5"
        },
        {
          "name": "52298",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52298"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1922136"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1922418"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-0322",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
            },
            {
              "name": "http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5"
            },
            {
              "name": "52298",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/52298"
            },
            {
              "name": "http://drupal.org/node/1922136",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1922136"
            },
            {
              "name": "http://drupal.org/node/1922418",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1922418"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0322",
    "datePublished": "2013-03-27T21:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:25:09.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5802 (GCVE-0-2012-5802)

Vulnerability from cvelistv5 – Published: 2012-11-04 22:00 – Updated: 2024-08-06 21:14
Summary
The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Severity: No CVSS data available. The record below carries no metrics block, so the missing score is not a low-severity rating.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:14:16.509Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "paypal-ubercart-ssl-spoofing(79949)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79949"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "paypal-ubercart-ssl-spoofing(79949)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79949"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5802",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "paypal-ubercart-ssl-spoofing(79949)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79949"
            },
            {
              "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
              "refsource": "MISC",
              "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5802",
    "datePublished": "2012-11-04T22:00:00",
    "dateReserved": "2012-11-04T00:00:00",
    "dateUpdated": "2024-08-06T21:14:16.509Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5803 (GCVE-0-2012-5803)

Vulnerability from cvelistv5 – Published: 2012-11-04 22:00 – Updated: 2024-08-06 21:14
Summary
The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Severity: No CVSS data available. The record below carries no metrics block, so the missing score is not a low-severity rating.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:14:16.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
          },
          {
            "name": "authorizedotnet-ubercart-ssl-spoofing(79948)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79948"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
        },
        {
          "name": "authorizedotnet-ubercart-ssl-spoofing(79948)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79948"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5803",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
              "refsource": "MISC",
              "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
            },
            {
              "name": "authorizedotnet-ubercart-ssl-spoofing(79948)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79948"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5803",
    "datePublished": "2012-11-04T22:00:00",
    "dateReserved": "2012-11-04T00:00:00",
    "dateUpdated": "2024-08-06T21:14:16.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5804 (GCVE-0-2012-5804)

Vulnerability from cvelistv5 – Published: 2012-11-04 22:00 – Updated: 2024-08-06 21:14
Summary
The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Severity: No CVSS data available. The record below carries no metrics block, so the missing score is not a low-severity rating.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:14:16.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cybersource-ubercart-ssl-spoofing(79947)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79947"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cybersource-ubercart-ssl-spoofing(79947)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79947"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5804",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cybersource-ubercart-ssl-spoofing(79947)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79947"
            },
            {
              "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
              "refsource": "MISC",
              "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5804",
    "datePublished": "2012-11-04T22:00:00",
    "dateReserved": "2012-11-04T00:00:00",
    "dateUpdated": "2024-08-06T21:14:16.522Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2300 (GCVE-0-2012-2300)

Vulnerability from cvelistv5 – Published: 2012-08-14 22:00 – Updated: 2024-09-16 17:03
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors.
Severity: No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:09.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
          },
          {
            "name": "48935",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48935"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547674"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547508"
          },
          {
            "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658"
          },
          {
            "name": "53251",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53251"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547506"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-08-14T22:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
        },
        {
          "name": "48935",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48935"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1547674"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1547508"
        },
        {
          "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658"
        },
        {
          "name": "53251",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53251"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1547506"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2300",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
            },
            {
              "name": "48935",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48935"
            },
            {
              "name": "http://drupal.org/node/1547674",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1547674"
            },
            {
              "name": "http://drupal.org/node/1547508",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1547508"
            },
            {
              "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
            },
            {
              "name": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658"
            },
            {
              "name": "53251",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53251"
            },
            {
              "name": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8"
            },
            {
              "name": "http://drupal.org/node/1547506",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1547506"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2300",
    "datePublished": "2012-08-14T22:00:00Z",
    "dateReserved": "2012-04-19T00:00:00Z",
    "dateUpdated": "2024-09-16T17:03:37.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2299 (GCVE-0-2012-2299)

Vulnerability from cvelistv5 – Published: 2012-08-14 22:00 – Updated: 2024-09-17 02:01
Summary
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:09.012Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
          },
          {
            "name": "48935",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48935"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547674"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547508"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84"
          },
          {
            "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
          },
          {
            "name": "53251",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53251"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547506"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-08-14T22:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
        },
        {
          "name": "48935",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48935"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1547674"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1547508"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84"
        },
        {
          "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
        },
        {
          "name": "53251",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53251"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1547506"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2299",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
            },
            {
              "name": "48935",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48935"
            },
            {
              "name": "http://drupal.org/node/1547674",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1547674"
            },
            {
              "name": "http://drupal.org/node/1547508",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1547508"
            },
            {
              "name": "http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb"
            },
            {
              "name": "http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84"
            },
            {
              "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
            },
            {
              "name": "53251",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53251"
            },
            {
              "name": "http://drupal.org/node/1547506",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1547506"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2299",
    "datePublished": "2012-08-14T22:00:00Z",
    "dateReserved": "2012-04-19T00:00:00Z",
    "dateUpdated": "2024-09-17T02:01:08.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9026 (GCVE-0-2014-9026)

Vulnerability from nvd – Published: 2014-11-20 17:00 – Updated: 2024-09-16 16:48
Summary
The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:33:13.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2336259"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.drupal.org/node/2336109"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the \"view own orders\" permission to obtain sensitive information via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-20T17:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.drupal.org/node/2336259"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.drupal.org/node/2336109"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9026",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the \"view own orders\" permission to obtain sensitive information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.drupal.org/node/2336259",
              "refsource": "MISC",
              "url": "https://www.drupal.org/node/2336259"
            },
            {
              "name": "https://www.drupal.org/node/2336109",
              "refsource": "CONFIRM",
              "url": "https://www.drupal.org/node/2336109"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9026",
    "datePublished": "2014-11-20T17:00:00Z",
    "dateReserved": "2014-11-20T00:00:00Z",
    "dateUpdated": "2024-09-16T16:48:17.015Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2301 (GCVE-0-2012-2301)

Vulnerability from nvd – Published: 2014-11-16 02:00 – Updated: 2024-08-06 19:26
Summary
The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.openwall.com/lists/oss-security/2012/05/03/2 mailing-list, x_refsource_MLIST
http://drupal.org/node/1547506 x_refsource_MISC
http://secunia.com/advisories/48935 third-party-advisory, x_refsource_SECUNIA
http://drupal.org/node/1547674 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/05/03/1 mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/53251 vdb-entry, x_refsource_BID
http://drupal.org/node/1547508 x_refsource_MISC

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:09.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547506"
          },
          {
            "name": "48935",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48935"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547674"
          },
          {
            "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
          },
          {
            "name": "53251",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53251"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547508"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the \"administer product classes\" permission to execute arbitrary PHP code via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-16T01:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1547506"
        },
        {
          "name": "48935",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48935"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1547674"
        },
        {
          "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
        },
        {
          "name": "53251",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53251"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1547508"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2301",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the \"administer product classes\" permission to execute arbitrary PHP code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
            },
            {
              "name": "http://drupal.org/node/1547506",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1547506"
            },
            {
              "name": "48935",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48935"
            },
            {
              "name": "http://drupal.org/node/1547674",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1547674"
            },
            {
              "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
            },
            {
              "name": "53251",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53251"
            },
            {
              "name": "http://drupal.org/node/1547508",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1547508"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2301",
    "datePublished": "2014-11-16T02:00:00",
    "dateReserved": "2012-04-19T00:00:00",
    "dateUpdated": "2024-08-06T19:26:09.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-7302 (GCVE-0-2013-7302)

Vulnerability from nvd – Published: 2014-04-29 14:00 – Updated: 2024-08-06 18:01
Summary
Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:01:20.579Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2158651"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2158567"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2158565"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the \"Log in new customers after checkout\" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-04-29T12:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drupal.org/node/2158651"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://drupal.org/node/2158567"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://drupal.org/node/2158565"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-7302",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the \"Log in new customers after checkout\" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://drupal.org/node/2158651",
              "refsource": "MISC",
              "url": "https://drupal.org/node/2158651"
            },
            {
              "name": "https://drupal.org/node/2158567",
              "refsource": "CONFIRM",
              "url": "https://drupal.org/node/2158567"
            },
            {
              "name": "https://drupal.org/node/2158565",
              "refsource": "CONFIRM",
              "url": "https://drupal.org/node/2158565"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-7302",
    "datePublished": "2014-04-29T14:00:00",
    "dateReserved": "2014-01-20T00:00:00",
    "dateUpdated": "2024-08-06T18:01:20.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0322 (GCVE-0-2013-0322)

Vulnerability from nvd – Published: 2013-03-27 21:00 – Updated: 2024-08-06 14:25
Summary
Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.
Severity ?
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:25:09.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5"
          },
          {
            "name": "52298",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/52298"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1922136"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1922418"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-07-19T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5"
        },
        {
          "name": "52298",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/52298"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1922136"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1922418"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-0322",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
            },
            {
              "name": "http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5"
            },
            {
              "name": "52298",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/52298"
            },
            {
              "name": "http://drupal.org/node/1922136",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1922136"
            },
            {
              "name": "http://drupal.org/node/1922418",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1922418"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0322",
    "datePublished": "2013-03-27T21:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:25:09.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5802 (GCVE-0-2012-5802)

Vulnerability from nvd – Published: 2012-11-04 22:00 – Updated: 2024-08-06 21:14
Summary
The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Severity ?
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:14:16.509Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "paypal-ubercart-ssl-spoofing(79949)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79949"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "paypal-ubercart-ssl-spoofing(79949)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79949"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5802",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "paypal-ubercart-ssl-spoofing(79949)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79949"
            },
            {
              "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
              "refsource": "MISC",
              "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5802",
    "datePublished": "2012-11-04T22:00:00",
    "dateReserved": "2012-11-04T00:00:00",
    "dateUpdated": "2024-08-06T21:14:16.509Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5803 (GCVE-0-2012-5803)

Vulnerability from nvd – Published: 2012-11-04 22:00 – Updated: 2024-08-06 21:14
Summary
The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Severity ?
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:14:16.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
          },
          {
            "name": "authorizedotnet-ubercart-ssl-spoofing(79948)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79948"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
        },
        {
          "name": "authorizedotnet-ubercart-ssl-spoofing(79948)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79948"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5803",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
              "refsource": "MISC",
              "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
            },
            {
              "name": "authorizedotnet-ubercart-ssl-spoofing(79948)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79948"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5803",
    "datePublished": "2012-11-04T22:00:00",
    "dateReserved": "2012-11-04T00:00:00",
    "dateUpdated": "2024-08-06T21:14:16.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5804 (GCVE-0-2012-5804)

Vulnerability from nvd – Published: 2012-11-04 22:00 – Updated: 2024-08-06 21:14
Summary
The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Severity ?
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:14:16.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cybersource-ubercart-ssl-spoofing(79947)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79947"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cybersource-ubercart-ssl-spoofing(79947)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79947"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5804",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cybersource-ubercart-ssl-spoofing(79947)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79947"
            },
            {
              "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
              "refsource": "MISC",
              "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5804",
    "datePublished": "2012-11-04T22:00:00",
    "dateReserved": "2012-11-04T00:00:00",
    "dateUpdated": "2024-08-06T21:14:16.522Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2300 (GCVE-0-2012-2300)

Vulnerability from nvd – Published: 2012-08-14 22:00 – Updated: 2024-09-16 17:03
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:09.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
          },
          {
            "name": "48935",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48935"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547674"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547508"
          },
          {
            "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658"
          },
          {
            "name": "53251",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53251"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547506"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-08-14T22:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
        },
        {
          "name": "48935",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48935"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1547674"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1547508"
        },
        {
          "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658"
        },
        {
          "name": "53251",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53251"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1547506"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2300",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
            },
            {
              "name": "48935",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48935"
            },
            {
              "name": "http://drupal.org/node/1547674",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1547674"
            },
            {
              "name": "http://drupal.org/node/1547508",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1547508"
            },
            {
              "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
            },
            {
              "name": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658"
            },
            {
              "name": "53251",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53251"
            },
            {
              "name": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8"
            },
            {
              "name": "http://drupal.org/node/1547506",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1547506"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2300",
    "datePublished": "2012-08-14T22:00:00Z",
    "dateReserved": "2012-04-19T00:00:00Z",
    "dateUpdated": "2024-09-16T17:03:37.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2299 (GCVE-0-2012-2299)

Vulnerability from nvd – Published: 2012-08-14 22:00 – Updated: 2024-09-17 02:01
Summary
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:09.012Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
          },
          {
            "name": "48935",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48935"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547674"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547508"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84"
          },
          {
            "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
          },
          {
            "name": "53251",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53251"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1547506"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-08-14T22:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
        },
        {
          "name": "48935",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48935"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1547674"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1547508"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84"
        },
        {
          "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
        },
        {
          "name": "53251",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53251"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1547506"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2299",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
            },
            {
              "name": "48935",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48935"
            },
            {
              "name": "http://drupal.org/node/1547674",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1547674"
            },
            {
              "name": "http://drupal.org/node/1547508",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1547508"
            },
            {
              "name": "http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb"
            },
            {
              "name": "http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84"
            },
            {
              "name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
            },
            {
              "name": "53251",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53251"
            },
            {
              "name": "http://drupal.org/node/1547506",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1547506"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2299",
    "datePublished": "2012-08-14T22:00:00Z",
    "dateReserved": "2012-04-19T00:00:00Z",
    "dateUpdated": "2024-09-17T02:01:08.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}