The Ubercart AJAX Cart 6.x-2.x prior to 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote malicious users to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
richardo_ante ubercart_ajax_cart 6.x-2.0 |