CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4482
https://notcve.org/view.php?id=CVE-2012-4482
31 Oct 2012 — The Ubercart SecureTrading Payment Method module 6.x for Drupal does not properly verify payment notification information, which allows remote attackers to purchase an item without paying via unspecified vectors. El módulo Ubercart SecureTrading Payment Method v6.x para Drupal no verifica correctamente la información de la notificación de pago, lo que permite a atacantes remotos comprar un artículo sin pagar a través de vectores no especificados. • http://drupal.org/node/1679820 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1978
https://notcve.org/view.php?id=CVE-2008-1978
27 Apr 2008 — Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428. Vulnerabilidad de secuencias de órdenes en sitios cruzados (XSS) en el módulo Ubercart 5.x anteriores a 5.x-1.0 rc3 de Drupal permite a usuarios remotos autenticados inyectar 'script' web o HTML de su elección mediante títulos de nodos relaciona... • http://drupal.org/node/250343 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1916
https://notcve.org/view.php?id=CVE-2008-1916
22 Apr 2008 — Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS), vulnerabilidades en Ubercart 5.x anteteriores a 5.x... • http://drupal.org/node/241944 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1428
https://notcve.org/view.php?id=CVE-2008-1428
20 Mar 2008 — Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el módulo Ubercart versiones 5.x anteriores a 5.x-1.0-beta7 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección utilizando un valor de atributo de texto para un producto. • http://drupal.org/node/233492 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2007-5621
https://notcve.org/view.php?id=CVE-2007-5621
22 Oct 2007 — Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames. Múltiples vulnerabilidades de secuencias de ... • http://drupal.org/node/184336 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •