Default Security bulletin 2017-001 published

Dear all,

the security bulletin 2017-001 is publicly available:
https://oxidforge.org/en/security-bu...-2017-001.html

Under certain pre-conditions an attacker would be able to hijack the cart session of a client via a Cross-Site Request Forgery (CSRF). We calculated a CVSS = 2.2.

Regards
__________________
Marco
http://oxidforge.org
http://about.me/marco.steinhaeuser

Will ignore unsolicited support requests via PM, email or IM.
Reply With Quote