CVSS: 2.6EPSS: 0%CPEs: 20EXPL: 1CVE-2012-2731
https://notcve.org/view.php?id=CVE-2012-2731
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage. Ubercart AJAX Cart v6.x-2.x anterior a v6.x-2.1 para Drupal almacena la id de la sesión en la tabla de configuración de páginas cargadas, lo que podría permitir a atacantes remotos obtener información sensible espiando o leyendo la caché del HTML de una página Web. • http://drupal.org/node/1619586 http://drupal.org/node/1633048 http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.securityfocus.com/bid/53999 https://exchange.xforce.ibmcloud.com/vulnerabilities/76332 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •