xt:Commerce 5.4.1 / 6.2.1 / 6.2.2 Improper Access Control Vulnerability
xt:Commerce version 5.4.1, 6.2.1, and 6.2.2 suffer from an improper access control vulnerability. A logged-in customer can create and alter addresses. These addresses are referenced by incrementing IDs. On saving an address, an attacker could change the ID of the address to write the data to. If...