Address Manipulation Vulnerability in xt:Commerce 5.1 to 6.2.2

Address Manipulation Vulnerability in xt:Commerce 5.1 to 6.2.2

CVE-2020-12101 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an address.

Learn more about our User Device Pen Test.