CVE-2013-0322
published 2013-03-27
CVE-2013-0322: Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web…
Priority P180 | medium | 4.3 | CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
ITW | VulnCheck KEV | Ransomware
Exploited in the wild
EPSS: 1.16% (63.2th percentile)
Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ubercart | ubercart | — | — |
| ubercart | ubercart | — | — |
| ubercart | ubercart | — | — |
| ubercart | ubercart | — | — |
CVSS provenance
nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck | 4.3 | MEDIUM
GHSA
GHSA-mw78-v8j9-2m24: Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7
ghsa_unreviewed · 2022-05-05
CVE-2013-0322 [MEDIUM] CWE-79 GHSA-mw78-v8j9-2m24: Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7
VulnCheck
ubercart ubercart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck · 2013 · CVSS 4.3
CVE-2013-0322 [MEDIUM] ubercart ubercart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected: ubercart ubercart
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://cybersecurityworks.com/howdymanage/uploads/file/ransomware-_-2022-spotlight-report_compressed.pdf; https://www.ivanti.com/resources/v/doc/pr-survey-report/ransomware-quarterly-indexreport_q2-q3; https://info.securin.io/hubfs/Securin%20Ransomwa
No detection rules found.
http://drupal.org/node/1922136
http://drupal.org/node/1922418
http://drupalcode.org/project/ubercart.git/commitdiff/f9d69b5
http://secunia.com/advisories/52298
http://www.openwall.com/lists/oss-security/2013/02/21/5