Vulnerabilities > Commerceguys

DATE	CVE	VULNERABILITY TITLE	RISK
2014-11-20	CVE-2014-9025	Information Exposure vulnerability in Commerceguys Commerce 7.X1.0/7.X1.1 The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at checkout, which allows remote attackers to obtain sensitive information via unspecified vectors. network low complexity commerceguys CWE-200	5.0
2012-10-01	CVE-2012-1639	Cross-Site Scripting vulnerability in Commerceguys Commerce 7.X1.0/7.X1.1/7.X1.X Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters. network drupal commerceguys CWE-79	3.5
2012-08-31	CVE-2012-2116	Cross-Site Request Forgery (CSRF) vulnerability in Commerceguys Commerce Reorder 7.X1.0/7.X1.X Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart. network commerceguys drupal CWE-352	6.8

Vulnerabilities > Commerceguys {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Commerceguys"}]}