It's not the "PHPSESSID" parameter - instead it's the "XTCsid" parameter which 
is vulnerable to a session fixation attack. 



Workaround:
================

Update to xt:Commerce 3.0.4 SP 2.1
