Print Page | Close Window

Vulnerability? Able to change BTO price clientside

Printed From: ProductCart E-Commerce Solutions
Category: ProductCart Build To Order
Forum Name: Using BTO
Forum Description: Exchange message with other users of ProductCart Build To Order
URL: https://forum.productcart.com/forum_posts.asp?TID=5719
Printed Date: 25-April-2024 at 10:18am
Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com


Topic: Vulnerability? Able to change BTO price clientside
Posted By: ProductCart
Subject: Vulnerability? Able to change BTO price clientside
Date Posted: 18-September-2013 at 1:42pm
Hi Brett,

Thank you for your comments. We agree and can assure you that we take security vulnerabilities and issues like this very seriously, and in fact had previously posted a patch for the same (or very similar) issue back under v4.1:

http://www.productcart.com/release-log.asp" rel="nofollow - http://www.productcart.com/release-log.asp

However in terms of the current issue, it appears to be specific to IE10 only (at least in our tests) which is caching configuration pricing when the customer uses the browser's 'Back' button from the Shopping Cart Page (to go back to the Configuration Page). It would be very helpful to know if you are able to replicate this under other browsers as well?

At this time, we agree with your suggestion to remove the specifics of this vulnerability for security reasons and will contact you directly to verify the circumstances and post a full patch as soon as possible.

Sincerely,



-------------
The ProductCart Team

Home of ProductCart http://www.productcart.com" rel="nofollow - shopping cart software


Print Page | Close Window

Forum Software by Web Wiz Forums® version 12.04 - http://www.webwizforums.com
Copyright ©2001-2021 Web Wiz Ltd. - https://www.webwiz.net