CVE-2020-12101

The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user's stored addresses by manipulating an id field in the POST request for altering an address. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt