Description
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation.
Remediation
References
Related Vulnerabilities
osCommerce Other Vulnerability (CVE-2005-1951)
Atlassian Jira CVE-2021-39122 Vulnerability (CVE-2021-39122)
WordPress Plugin Login With Ajax Cross-Site Scripting (3.1.6)
WordPress Plugin Export Users to CSV CSV Injection (1.4.2)
Joomla! Core 1.0.x Multiple Cross-Site Scripting Vulnerabilities (1.0.0 - 1.0.10)