CVE-2008-1916: XSS
First published: Tue Apr 22 2008(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Drupal Ubercart Module | =5-1.0-rc1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-1916?
CVE-2008-1916 has been classified as a high severity vulnerability due to its potential to allow remote attackers to execute malicious scripts.
How do I fix CVE-2008-1916?
To fix CVE-2008-1916, upgrade the Ubercart module to version 5.x-1.0-rc1 or later.
What systems are affected by CVE-2008-1916?
CVE-2008-1916 affects the Ubercart module version 5.x before 5.x-1.0-rc1 in Drupal.
What type of vulnerability is CVE-2008-1916?
CVE-2008-1916 is a cross-site scripting (XSS) vulnerability that allows attackers to inject arbitrary web scripts or HTML.
What are the implications of CVE-2008-1916?
The implications of CVE-2008-1916 include allowing attackers to manipulate order information displayed on the order view page.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/drupal
- canonical/drupal ubercart module
- version/drupal ubercart module/5-1.0-rc1