| | | | crash | | 0007415 | 2024-08-08 | 1 | resolved | 1.05. Users | It's possible to partly hijack an account, in case the user provides an URL containing the parameter force_sid |
| | | | minor | | 0006699 | 2024-05-16 | 2 | resolved | 2.3. Extensions (modules, themes) | Two issues with the serialized basket |
| | | | minor | | 0005744 | 2023-12-06 | 1 | resolved | 4.09. SEO, SEO URL | Switching language in category "more" redirects to startpage |
| | | | crash | | 0007059 | 2022-08-22 | 3 | resolved | 1.05. Users | CreateUser does not check CSRF/session token |
| | | | minor | | 0006659 | 2017-07-26 | 3 | resolved | 2.3. Extensions (modules, themes) | Deactivating a module which extends basket causes shop maintenance mode |
| | | | major | | 0005771 | 2016-03-23 | 4 | resolved | 1.03. Basket, checkout process | Previous users cart details are shown to another user |
| | | | minor | 4.8.9 / 5.1.9 | 0005775 | 2015-07-08 | 2 | resolved | 4.06. Language and translations | DefaultLanguage collabs language selection in frontend |
| | | | major | 4.7.14 / 5.0.14 | 0005809 | 2014-07-25 | 1 | resolved | 4.04. Security | Session ID Disclosure |
| | | | major | 4.7.8 / 5.0.8 | 0005346 | 2013-10-07 | | resolved | 2. ----- eShop backend (admin) ----- | When there are a sid set in cookies and admin page has wysiwyg editor, user gets logged out |
| | | | major | 4.8.0_5.1.0_beta1 | 0004262 | 2013-05-29 | 3 | resolved | 4.07. Source code, Test | Change in oxSession::getBasket leads to sideeffect in oxutilsobject::_makeSafeModuleClassParents |
| | | | minor | 4.7.6 / 5.0.6 | 0005106 | 2013-05-06 | 1 | resolved | 1.05. Users | error messages do not disappear |
| | | | minor | | 0001429 | 2012-12-10 | 1 | resolved | 4.07. Source code, Test | "remoteaccess" parameter does not disable cookie check |
