CVE-2008-1916
Drupal Ubercart Module < 5.x-1.0-rc1 - Cross-Site Scripting via Address and Order Information Fields
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/241944
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1083/references
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41624
Scores
EPSS
0.0032
EPSS Percentile
55.5%
Details
CWE
CWE-79
Status
published
Products (1)
drupal/ubercart_module
5-1.0 rc1
Published
Apr 23, 2008
Tracked Since
Feb 18, 2026