Ubercart : Security Vulnerabilities, CVEs, Published In 2010
Cross-site request forgery (CSRF) vulnerability in the order-management functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.21%
Published
2010-04-20
Updated
2017-08-17
Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors.
Max CVSS
4.3
EPSS Score
0.26%
Published
2010-04-20
Updated
2017-08-17
The PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal does not properly validate orders, which allows remote attackers to trigger unspecified "duplicate actions" via unknown vectors.
Max CVSS
5.0
EPSS Score
0.44%
Published
2010-04-20
Updated
2017-08-17
3 vulnerabilities found