CVE-2012-2731

medium

Description

The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/76332

http://www.securityfocus.com/bid/53999

http://www.openwall.com/lists/oss-security/2012/06/14/3

http://drupal.org/node/1633048

http://drupal.org/node/1619586

Details

Source: Mitre, NVD

Published: 2012-06-27

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.0056