oss-sec mailing list archives

Re: CVE request: CSRF in xt:commerce 3.04 SP2.1


From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 04 Dec 2011 11:38:48 -0700

On 12/03/2011 01:38 AM, dishix wrote:
> Hi,
>
> Can I get a CVE identifier for this:
>
> xt:commerce 3.04 SP2.1 is prone to CSRF. An attacker can exploit this
> vulnerability to escalate his/her privileges to gain administrator access.
>
> http://dishix.blogspot.com/2011/11/exploiting-xtcommerce-v304-sp21-cross.html
>
> http://dishix.blogspot.com/p/xtcommerce-v304-sp21-cross-site-request_29.html

The second link is 404. Also, can you provide links to the project and
the affected source code so I can verify this issue? Thanks.

> Best regards,
> dishix

-- 

-Kurt Seifried / Red Hat Security Response Team

