CVE-2008-1916

Name of the Vulnerable Software and Affected Versions Ubercart versions prior to 5.x-1.0-rc1

Description The issue allows remote attackers to inject arbitrary web script or HTML via text fields intended for the address and order information, which are later displayed on the order view page and unspecified other administrative pages.

Recommendations For versions prior to 5.x-1.0-rc1, update to version 5.x-1.0-rc1 or later to resolve the issue. As a temporary workaround, consider restricting user input in the address and order information fields to minimize the risk of exploitation.