Back to search
CVE-2012-2731
Published: Jun 27, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5
x_refsource_CONFIRM
uberart-ajax-info-disc(76332)
vdb-entry
x_refsource_XF
53999
vdb-entry
x_refsource_BID
http://drupal.org/node/1633048
x_refsource_MISC
[oss-security] 20120613 Re: CVE Request for Drupal contributed modules
mailing-list
x_refsource_MLIST
http://drupal.org/node/1619586
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now