![oss-sec logo](/images/oss-sec-logo.png)
oss-sec mailing list archives
CVE request: CSRF in xt:commerce 3.04 SP2.1
From: dishix <dishix () googlemail com>
Date: Sat, 03 Dec 2011 09:38:30 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Can I get CVE-identifier for this: xt:commerce 3.04 SP2.1 is prone to CSRF. An attacker can exploit this vulnerability to escalate his/her privileges to gain administrator access.
http://dishix.blogspot.com/2011/11/exploiting-xtcommerce-v304-sp21-cross.html http://dishix.blogspot.com/p/xtcommerce-v304-sp21-cross-site-request_29.html
Best regards, dishix -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJO2d/7AAoJEKmqdCCWk7VQDpsIAJQNWNIaDXNTAuQrf8767R+n U1ZQxSxRCVDkX7DsOINQgHxBYnetaycfKmBfX8KlOZvZYtvtOM7YrDlx2q8Pbcf7 nGF2IhZBIDOE9I67Gpwx1wAoHQogynXS7o/PGyZL9o7j4tzUmodbPG8nFMIK9c+8 BwchXmaV95J99V6scaL/MVwMG7K235UVuRkd6sxKDOPT9rYU8Ex/7Mpru9LQqeYf zS4WlzTJ+zgJ/3YmzvJo59AfTmTFGNbahgkl1YsgmEkq79lQoVewf72Q5kY50zbX njegk+xl1OJpbyoqa99x0Vxy789mqo97bfWreGgr445VLgIWG4LtkwEPemBpg/s= =H1Cx -----END PGP SIGNATURE-----
Current thread:
- CVE request: CSRF in xt:commerce 3.04 SP2.1 dishix (Dec 03)
- Re: CVE request: CSRF in xt:commerce 3.04 SP2.1 Kurt Seifried (Dec 04)