BugTraq
Back to list
|
Post reply
Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues
Sep 22 2008 06:09PM
admin majorsecurity de
It's not the "PHPSESSID" parameter - instead it's the "XTCsid" parameter which is vulnerable to a session fixation attack.
Workaround:
================
Update to xt:Commerce 3.0.4 SP 2.1
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Workaround:
================
Update to xt:Commerce 3.0.4 SP 2.1
[ reply ]