Solidus is vulnerable to cross-site request forgery. The vulnerability exists in routes.rb
due to a lack of input validation, allowing an attacker to inject and execute arbitrary JavaScript to make changes to the system.
github.com/solidusio/solidus/commit/0334477b875af6aad92e6b56a43708e0290acc10
github.com/solidusio/solidus/commit/284afa8dda064b5f55312b7be4ad7ae0d39e17d3
github.com/solidusio/solidus/commit/5cd33b13c86f1a7089037d4ca2df9c3f10942ba6
github.com/solidusio/solidus/commit/de796a2e0be7f154cae48b46e267501559d9716c
github.com/solidusio/solidus/security/advisories/GHSA-8639-qx56-r428