Elastic Path - Administrative Session Hijacking through Embedded XSS

  • Type: Elastic Path – Administrative Session Hijacking through Embedded XSS
  • Severity: High
  • Affected products: Elastic Path
  • Date: 2007-04-26
  • CVE Reference: N/A

Elastic Path has been found to be vulnerable to an embedded Cross-Site Scripting (XSS) attack that could allow remote attackers to hijack a legitimate administrator’s session cookie. An attacker could exploit this vulnerability to gain unauthorised access to the Elastic Path Commerce Manager and obtain administrative privileges.