2020-04-30 13:40:34
mitre
PUBLISHED
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other users stored addresses by manipulating an id field in the POST request for altering an address.