CVE-2016-2863
published 2016-07-03CVE-2016-2863: Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote…
high8CVSS 3.0
AVNACLPRLUIRSUCHIHAH
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |