Heineon

#42734 of 53,630
6.1 Total CVSS
Vulnerabilities · 2
Low
2
PT-2008-3500
3.5
2008-04-27
Drupal · Ubercart · CVE-2008-1978
**Name of the Vulnerable Software and Affected Versions** Ubercart module for Drupal versions prior to 5.x-1.0 rc3

**Description** The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features.

**Recommendations** For versions prior to 5.x-1.0 rc3, update to version 5.x-1.0 rc3 or later to resolve the issue.

PT-2008-1918
2.6
2008-01-15
Drupal · Drupal · CVE-2008-0274
**Name of the Vulnerable Software and Affected Versions** Drupal versions 4.7.x through 5.x

**Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files, when certain .htaccess protections are disabled.

**Recommendations** For versions 4.7.x through 5.x, enable .htaccess protections to prevent exploitation. As a temporary workaround, consider restricting access to theme .tpl.php files until a fix is applied.