Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.
For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email firstname.lastname@example.org.
Hello, i just found a bug in magento where you could use your comment form to comment on other magento sites. It’s by modifying the action adress on the comment form . Is there a way to modify this path :
http:// [your-site-name] /review/product/post/id/ [product-id-nr] / becouse this is the actual vulnerability.