Dear all,

the security bulletin 2017-001 is publicly available: https://oxidforge.org/en/security-bulletin-2017-001.html

Under certain pre-conditions an attacker would be able to hijack the cart session of a client via a Cross-Site Request Forgery (CSRF). We calculated a CVSS = 2.2.

Regards
Marco