Description
Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.
Remediation
References
Related Vulnerabilities
WordPress Plugin PowerPress Podcasting by Blubrry Cross-Site Scripting (6.0)
Oracle JRE CVE-2020-2756 Vulnerability (CVE-2020-2756)
WordPress Plugin Google XML Sitemaps Cross-Site Scripting (4.0.9)
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.153.3)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8656)