CVE-2012-2731
CVE-2012-2731 affects Ubercart AJAX Cart 6.x-2.x for Drupal prior to 6.x-2.1. The vulnerability stems from storing the PHP session ID in a JavaScript settings array on page loads, which could allow remote attackers to obtain sensitive information by sniffing or reading the HTML cache of a page....
SA-CONTRIB-2012-102 - Ubercart AJAX Cart - Potential Disclosure of user Session ID
This module enables you to replace the default Ubercart shopping cart block with an AJAX-enabled one. The module includes the user's current session ID in one of its JavaScript settings keys on every page load, which could be intercepted if the user's connection is not over SSL. This vulnerability...