CVE-2008-6045
xt:Commerce <3.0.4 - Info Disclosure
Title source: llmDescription
Session fixation vulnerability in shopping_cart.php in xt:Commerce 3.0.4 and earlier allows remote attackers to hijack web sessions by setting the XTCsid parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by David Vieira-Kurz · textwebappsphp
https://www.exploit-db.com/exploits/32406
References (5)
Scores
EPSS
0.0146
EPSS Percentile
80.6%
Classification
CWE
CWE-287
Status
draft
Affected Products (1)
xt-commerce/xt-commerce
< 3.0.4
Timeline
Published
Feb 03, 2009
Tracked Since
Feb 18, 2026