Vulnerabilites related to drupal - ubercart_module
Vulnerability from fkie_nvd
Published
2008-03-20 18:44
Modified
2024-11-21 00:44
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| drupal | ubercart_module | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:ubercart_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "274C9C2E-8F6B-4C47-B33E-F10F1330919C",
"versionEndIncluding": "5-1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo Ubercart versiones 5.x anteriores a 5.x-1.0-beta7 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n utilizando un valor de atributo de texto para un producto."
}
],
"id": "CVE-2008-1428",
"lastModified": "2024-11-21T00:44:30.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-03-20T18:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/233492"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0867/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/233492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0867/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41184"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-22 19:46
Modified
2024-11-21 00:38
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| drupal | asin_field_module | * | |
| drupal | drupal | 4.7 | |
| drupal | drupal | 5.0 | |
| drupal | drupal | 5.1 | |
| drupal | drupal | 5.2 | |
| drupal | e-commerce_module | * | |
| drupal | fullname_field_for_cck | * | |
| drupal | invite_module | * | |
| drupal | node_relativity_module | * | |
| drupal | pathauto_module | * | |
| drupal | paypal_node_module | * | |
| drupal | token_module | * | |
| drupal | token_module | * | |
| drupal | ubercart_module | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:asin_field_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "011674D1-BC93-4DF3-90AD-5DD77C9B76BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:drupal:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE9A8A9-19D4-4C50-A4B5-2EFD8B05BAE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDBE79A6-5762-4A7C-8FDA-C11FFFDCFC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5BCAB7B-DF79-4DB8-A5C4-731F251A02A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:drupal:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5AEAB73-F7A9-4C62-BCB6-1028DAF149DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:e-commerce_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD1AA096-DD9A-469F-9C74-FA25FDF7F681",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:fullname_field_for_cck:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01A23EB1-B43B-4CB0-B4B9-5BD4B7918B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:invite_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DFF68A6-A4A5-452C-BA90-0181643DE4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:node_relativity_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9401FC7-57F4-4D99-95F2-0FE0CB9956E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:pathauto_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02978B3D-7C83-44D2-847A-4C0B03398C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:paypal_node_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA140B1-831E-4F86-B0F3-3C116D6DD691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:token_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE016A5B-D43E-4BB9-8655-9FB4183EF2B6",
"versionEndIncluding": "1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:token_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1866ED2F-7E57-40F4-A71D-1097E44038E7",
"versionEndIncluding": "1.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:drupal:ubercart_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F1C4D2-4007-420C-A7EC-9E3B51C2F3DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo Toke versiones anteriores a 4.7.x-1.5, y 5.x versiones anteriores a 5.x-1.9, para Drupal; tal y como se usa en los m\u00f3dulos ASIN Field, e-Commerce, campo Fullname para CCK, Invite, Node Relativity, Pathauto, PayPal Node, y Ubercart; permiten a atacantes remotos autenticados con privilegios de enviar comentarios, inyectar scripts web o HTML de su elecci\u00f3n mediante vectores no especificados relativos a (1) comments, (2) vocabulary names, (3) term names, y (4) usernames."
}
],
"id": "CVE-2007-5621",
"lastModified": "2024-11-21T00:38:19.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-10-22T19:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/184336"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/38073"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/27291"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/184336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/38073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/27291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37275"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-27 20:05
Modified
2024-11-21 00:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| drupal | drupal | * | |
| drupal | ubercart_module | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC34C73-08D5-44FA-8F21-CE0DA7622BA0",
"versionEndIncluding": "5.0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:ubercart_module:*:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C0625A63-0EFB-41BC-86CB-09594833C7AB",
"versionEndIncluding": "5-1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de \u00f3rdenes en sitios cruzados (XSS) en el m\u00f3dulo Ubercart 5.x anteriores a 5.x-1.0 rc3 de Drupal permite a usuarios remotos autenticados inyectar \u0027script\u0027 web o HTML de su elecci\u00f3n mediante t\u00edtulos de nodos relacionados con caracter\u00edsticas del producto no especificadas, un vector distinto de CVE-2008-1428."
}
],
"id": "CVE-2008-1978",
"lastModified": "2024-11-21T00:45:48.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-04-27T20:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://drupal.org/node/250343"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29950"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28914"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1351/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://drupal.org/node/250343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1351/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41975"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-23 13:05
Modified
2024-11-21 00:45
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| drupal | ubercart_module | 5-1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:ubercart_module:5-1.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "739895AB-2F58-4E92-BE95-9D2BED55C5E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS), vulnerabilidades en Ubercart 5.x anteteriores a 5.x-1.0-rc1, m\u00f3dulo para drupal que permite a los atacantes remotos inyectar c\u00f3digo web o HTML a trav\u00e9s de los campos deseados (1) direcci\u00f3n y (2) pedir informaci\u00f3n, los cuales son mostrados mas tarde en la p\u00e1gina que hemos pedido y en otras p\u00e1ginas administrativas no especificadas, es una vulnerabilidad distinta a CVE-2008-1428."
}
],
"id": "CVE-2008-1916",
"lastModified": "2024-11-21T00:45:39.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-04-23T13:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/241944"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1083/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/241944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1083/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41624"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2008-1978
Vulnerability from cvelistv5
Published
2008-04-27 20:00
Modified
2024-08-07 08:41
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41975 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/29950 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/28914 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2008/1351/references | vdb-entry, x_refsource_VUPEN | |
| http://drupal.org/node/250343 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:41:00.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ubercart-module-xss(41975)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41975"
},
{
"name": "29950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29950"
},
{
"name": "28914",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28914"
},
{
"name": "ADV-2008-1351",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1351/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/250343"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ubercart-module-xss(41975)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41975"
},
{
"name": "29950",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29950"
},
{
"name": "28914",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28914"
},
{
"name": "ADV-2008-1351",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1351/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/250343"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ubercart-module-xss(41975)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41975"
},
{
"name": "29950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29950"
},
{
"name": "28914",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28914"
},
{
"name": "ADV-2008-1351",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1351/references"
},
{
"name": "http://drupal.org/node/250343",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/250343"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1978",
"datePublished": "2008-04-27T20:00:00",
"dateReserved": "2008-04-27T00:00:00",
"dateUpdated": "2024-08-07T08:41:00.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1916
Vulnerability from cvelistv5
Published
2008-04-22 00:00
Modified
2024-08-07 08:40
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428.
References
| ▼ | URL | Tags |
|---|---|---|
| http://drupal.org/node/241944 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/1083/references | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41624 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/241944"
},
{
"name": "ADV-2008-1083",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1083/references"
},
{
"name": "ubercart-orders-xss(41624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/241944"
},
{
"name": "ADV-2008-1083",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1083/references"
},
{
"name": "ubercart-orders-xss(41624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41624"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/241944",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/241944"
},
{
"name": "ADV-2008-1083",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1083/references"
},
{
"name": "ubercart-orders-xss(41624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41624"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1916",
"datePublished": "2008-04-22T00:00:00",
"dateReserved": "2008-04-21T00:00:00",
"dateUpdated": "2024-08-07T08:40:59.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5621
Vulnerability from cvelistv5
Published
2007-10-22 19:00
Modified
2024-08-07 15:39
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/38073 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37275 | vdb-entry, x_refsource_XF | |
| http://drupal.org/node/184336 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/27291 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:39:13.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38073",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38073"
},
{
"name": "drupal-tokenmodule-xss(37275)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/184336"
},
{
"name": "27291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27291"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38073",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38073"
},
{
"name": "drupal-tokenmodule-xss(37275)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/184336"
},
{
"name": "27291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27291"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38073",
"refsource": "OSVDB",
"url": "http://osvdb.org/38073"
},
{
"name": "drupal-tokenmodule-xss(37275)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37275"
},
{
"name": "http://drupal.org/node/184336",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/184336"
},
{
"name": "27291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27291"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5621",
"datePublished": "2007-10-22T19:00:00",
"dateReserved": "2007-10-22T00:00:00",
"dateUpdated": "2024-08-07T15:39:13.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1428
Vulnerability from cvelistv5
Published
2008-03-20 18:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product.
References
| ▼ | URL | Tags |
|---|---|---|
| http://drupal.org/node/233492 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/0867/references | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41184 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/233492"
},
{
"name": "ADV-2008-0867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0867/references"
},
{
"name": "ubercart-attribute-xss(41184)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/233492"
},
{
"name": "ADV-2008-0867",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0867/references"
},
{
"name": "ubercart-attribute-xss(41184)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41184"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/233492",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/233492"
},
{
"name": "ADV-2008-0867",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0867/references"
},
{
"name": "ubercart-attribute-xss(41184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41184"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1428",
"datePublished": "2008-03-20T18:00:00",
"dateReserved": "2008-03-20T00:00:00",
"dateUpdated": "2024-08-07T08:24:42.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}