Elastic Path - Administrative Session Hijacking through Embedded XSS
- Published: 26 Apr 2007
Elastic Path has been found to be vulnerable to an embedded Cross-Site Scripting (XSS) attack that could allow remote attackers to hijack a legitimate administrator’s session cookie. An attacker could exploit this vulnerability to gain unauthorised access to the Elastic Path Commerce Manager and obtain administrative privileges.