PRIOn knowledge basePRION:CVE-2012-2300

HistoryAug 14, 2012 - 10:55 p.m.

Cross site scripting

2012-08-1422:55:00

PRIOn knowledge base

www.prio-n.com

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
ubercarteq6.x-2.0 beta4
ubercarteq6.x-2.0 beta3
ubercarteq6.x-2.0 beta2
ubercarteq6.x-2.0 beta1
ubercarteq6.120.20
ubercarteq6.x-2.0 dev
ubercarteq6.x-2.0 beta6
ubercarteq6.x-2.0 rc3
ubercarteq6.x-2.0 rc5
ubercarteq6.x-2.0 rc2

Name	Operator	Version
ubercart	eq	6.x-2.0 beta4
ubercart	eq	6.x-2.0 beta3
ubercart	eq	6.x-2.0 beta2
ubercart	eq	6.x-2.0 beta1
ubercart	eq	6.120.20
ubercart	eq	6.x-2.0 dev
ubercart	eq	6.x-2.0 beta6
ubercart	eq	6.x-2.0 rc3
ubercart	eq	6.x-2.0 rc5
ubercart	eq	6.x-2.0 rc2

Rows per page:

1-10 of 341

References

drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8

drupalcode.org/project/ubercart.git/commitdiff/dfd8658

secunia.com/advisories/48935

www.openwall.com/lists/oss-security/2012/05/03/1

www.openwall.com/lists/oss-security/2012/05/03/2

www.securityfocus.com/bid/53251

drupal.org/node/1547506

drupal.org/node/1547508

drupal.org/node/1547674