Ubercart - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2019-003
The Ubercart module provides a shopping cart and e-commerce features for Backdrop CMS.
The taxes module doesn't sufficiently protect the tax rate cloning feature. A malicious user could trick a store administrator into duplicating an existing tax rate by getting them to visit a specially-crafted URL.
- Ubercart 1.x.x versions prior to 1.x-1.0.4-beta