Vulnerability? Able to change BTO price clientside |
Post Reply |
Author | |
ProductCart
Admin Group ProductCart Team Joined: 01-October-2003 Status: Offline Points: 135 |
Post Options
Thanks(0)
Posted: 18-September-2013 at 1:42pm |
Hi Brett,
Thank you for your comments. We agree and can assure you that we take security vulnerabilities and issues like this very seriously, and in fact had previously posted a patch for the same (or very similar) issue back under v4.1: However in terms of the current issue, it appears to be specific to IE10 only (at least in our tests) which is caching configuration pricing when the customer uses the browser's 'Back' button from the Shopping Cart Page (to go back to the Configuration Page). It would be very helpful to know if you are able to replicate this under other browsers as well? At this time, we agree with your suggestion to remove the specifics of this vulnerability for security reasons and will contact you directly to verify the circumstances and post a full patch as soon as possible. Sincerely, Edited by earlyimp - 18-September-2013 at 1:42pm |
|
Post Reply | |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |