oss-sec mailing list archives
Re: CVE request: CSRF in xt:commerce 3.04 SP2.1
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 04 Dec 2011 11:38:48 -0700
On 12/03/2011 01:38 AM, dishix wrote:
Hi,

Can I get a CVE identifier for this: xt:commerce 3.04 SP2.1 is prone to CSRF. An attacker can exploit this vulnerability to escalate his/her privileges to gain administrator access.

http://dishix.blogspot.com/2011/11/exploiting-xtcommerce-v304-sp21-cross.html
http://dishix.blogspot.com/p/xtcommerce-v304-sp21-cross-site-request_29.html
The second link is 404. Also, can you provide links to the project and the affected source code so I can verify this issue? Thanks.
Best regards, dishix
--
-Kurt Seifried / Red Hat Security Response Team