2 matches found
CVE-2020-12101
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an address...
CVE-2020-12101
Summary: CVE-2020-12101 affects xt:Commerce 5.1–6.2.2 and is an improper access-control flaw. A logged-in customer can manipulate the address management “id” in the POST request to alter or null other users’ addresses, potentially clearing all addresses in a shop. The root cause is insufficient a...