ProductCart E-Commerce Solutions Homepage
Forum Home Forum Home > ProductCart Build To Order > Using BTO
  New Posts New Posts RSS Feed - Vulnerability? Able to change BTO price clientside
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Vulnerability? Able to change BTO price clientside

 Post Reply Post Reply
Author
Message
ProductCart View Drop Down
Admin Group
Admin Group
Avatar
ProductCart Team

Joined: 01-October-2003
Status: Offline
Points: 134
Post Options Post Options   Thanks (0) Thanks(0)   Quote ProductCart Quote  Post ReplyReply Direct Link To This Post Topic: Vulnerability? Able to change BTO price clientside
    Posted: 18-September-2013 at 1:42pm
Hi Brett,

Thank you for your comments. We agree and can assure you that we take security vulnerabilities and issues like this very seriously, and in fact had previously posted a patch for the same (or very similar) issue back under v4.1:


However in terms of the current issue, it appears to be specific to IE10 only (at least in our tests) which is caching configuration pricing when the customer uses the browser's 'Back' button from the Shopping Cart Page (to go back to the Configuration Page). It would be very helpful to know if you are able to replicate this under other browsers as well?

At this time, we agree with your suggestion to remove the specifics of this vulnerability for security reasons and will contact you directly to verify the circumstances and post a full patch as soon as possible.

Sincerely,



Edited by earlyimp - 18-September-2013 at 1:42pm
The ProductCart Team

Home of ProductCart shopping cart software
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 11.07
Copyright ©2001-2016 Web Wiz Ltd.

This page was generated in 0.039 seconds.