CVE-2020-12101
published 2020-04-30CVE-2020-12101: The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id…
PriorityP423medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
EPSS
1.99%
78.1th percentile
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an address.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xt-commerce | xt-commerce | 5.1.0 – 6.2.2 | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vgxc-rq2p-x5qw: The address-management feature in xt:Commerce 5
ghsa_unreviewed·2022-05-24
CVE-2020-12101 [MEDIUM] CWE-276 GHSA-vgxc-rq2p-x5qw: The address-management feature in xt:Commerce 5
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an address.
Citrix
Citrix Security Bulletin CTX269106
vendor_citrix·CVSS 7.5
CVE-2020-7473 [HIGH] Citrix Security Bulletin CTX269106
Citrix Security Bulletin CTX269106
CVE References: CVE-2020-7473, CVE-2020-8982, CVE-2020-8983, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX263526
vendor_citrix·CVSS 5.9
CVE-2020-6175 [MEDIUM] Citrix Security Bulletin CTX263526
Citrix Security Bulletin CTX263526
CVE References: CVE-2020-6175, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX282684
vendor_citrix·CVSS 9.8
CVE-2020-8257 [CRITICAL] Citrix Security Bulletin CTX282684
Citrix Security Bulletin CTX282684
CVE References: CVE-2020-8257, CVE-2020-8258, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/157534/xt-Commerce-5.4.1-6.2.1-6.2.2-Improper-Access-Control.htmlhttp://seclists.org/fulldisclosure/2020/May/0https://helpdesk.xt-commerce.com/index.php?/Knowledgebase/Article/View/1784/294/adressbuch-sicherheitspatch-17042020-fr-xtcommerce-51-bis-622https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-012.txthttp://packetstormsecurity.com/files/157534/xt-Commerce-5.4.1-6.2.1-6.2.2-Improper-Access-Control.htmlhttp://seclists.org/fulldisclosure/2020/May/0https://helpdesk.xt-commerce.com/index.php?/Knowledgebase/Article/View/1784/294/adressbuch-sicherheitspatch-17042020-fr-xtcommerce-51-bis-622https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-012.txt
2020-04-30
Published