Chadcrew

**Name of the Vulnerable Software and Affected Versions** Ubercart versions prior to 5.x-1.0-rc1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via text fields intended for the `address` and `order information`, which are later displayed on the order view page and unspecified other administrative pages. **Recommendations** For versions prior to 5.x-1.0-rc1, update to version 5.x-1.0-rc1 or later to resolve the issue. As a temporary workaround, consider restricting user input in the `address` and `order information` fields to minimize the risk of exploitation.