2 matches found
CVE-2010-3978
Spree CVE-2010-3978 affects Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0. The issue is a JSON hijacking vulnerability where the application exchanges data via JSON without validating requests, enabling remote attackers to obtain sensitive information via admin endpoints: /admin/products.js...
Spree e-commerce JSON Hijacking Vulnerabilities - CVE-2010-3978
Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Spree e-commerce JSON Hijacking Vulnerabilities CVE-2010-3978 INTRODUCTI...