An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking.
This Cyber News was published on www.tenable.com. Publication date: Sat, 04 Jan 2025 04:56:02 +0000