- Ubercart 1.x-1.x versions prior to 1.x-1.0.6-beta
The Ubercart module provides a shopping cart and e-commerce features for Backdrop CMS.
The order submodule doesn't sufficiently sanitize user input before displaying it on an invoice, leading to a cross-site scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "edit orders".
- Greg Knaddison of the Drupal Security Team