Bugtraq mailing list archives
Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues
From: admin () majorsecurity de
Date: 22 Sep 2008 18:09:05 -0000
It's not the "PHPSESSID" parameter - instead it's the "XTCsid" parameter which is vulnerable to a session fixation attack. Workaround: ================ Update to xt:Commerce 3.0.4 SP 2.1
Current thread:
- [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues admin (Sep 22)
- Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues Philipp Hagemeister (Sep 23)
- <Possible follow-ups>
- Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues admin (Sep 22)