Elastic Path - Administrative Session Hijacking through Embedded XSS
- Published: 26 Apr 2007
- Type: Elastic Path – Administrative Session Hijacking through Embedded XSS
- Severity: High
Elastic Path
Elastic Path is vulnerable to an embedded Cross-Site Scripting (XSS) attack that could allow remote attackers to hijack a legitimate administrator’s session cookie. An attacker could exploit this vulnerability to gain unauthorised access to the Elastic Path Commerce Manager and obtain administrative privileges.