3 matches found
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in xt:Commerce 3.0.4 SP2.1 and possibly earlier allow remote attackers to hijack the authentication of Admins for requests that 1 set a New user to Admin via the cID parameter to a statusconfirm action in admin/customers.php and 2 grant...
CVE-2008-6045
Session fixation vulnerability in shoppingcart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter...
Session fixation
Session fixation vulnerability in shoppingcart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter...