Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues
From: admin@xxxxxxxxxxxxxxxx
Date: 22 Sep 2008 18:09:05 -0000

It's not the "PHPSESSID" parameter - instead it's the "XTCsid" parameter which is vulnerable to a session fixation attack. 

Workaround: 
================
Update to xt:Commerce 3.0.4 SP 2.1

Prev by Date: Cross Site Scripting (XSS) Vulnerabilitiy in fuzzylime (cms) >=3.02, CVE-2008-3098
Next by Date: [ GLSA 200809-12 ] Newsbeuter: User-assisted execution of arbitrary code
Previous by thread: Re: [MajorSecurity Advisory #54]xt:Commerce - Cross Site Scripting and Session Fixation Issues
Next by thread: [security bulletin] HPSBUX02370 SSRT071459 rev.1 - HP-UX Running rpcbind, Remote Denial of Service (DoS)
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux