ProductCart Shopping Cart Software Forums : Vulnerability? Able to change BTO price clientside

ProductCart Shopping Cart Software Forums : Vulnerability? Able to change BTO price clientside https://forum.productcart.com/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Fri, 10 Apr 2026 13:57:38 +0000 Wed, 18 Sep 2013 13:42:05 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.04 360 https://forum.productcart.com/RSS_post_feed.asp?TID=5719 <![CDATA[ProductCart Shopping Cart Software Forums]]> https://forum.productcart.com/forum_images/pc_logo_50.png https://forum.productcart.com/ <![CDATA[Vulnerability? Able to change BTO price clientside : Hi Brett,Thank you for your comments....]]> https://forum.productcart.com/vulnerability-able-to-change-bto-price-clientside_topic5719_post21606.html#21606 Author: ProductCart
Subject: 5719
Posted: 18-September-2013 at 1:42pm

Hi Brett,

Thank you for your comments. We agree and can assure you that we take security vulnerabilities and issues like this very seriously, and in fact had previously posted a patch for the same (or very similar) issue back under v4.1:

http://www.productcart.com/release-log.asp

However in terms of the current issue, it appears to be specific to IE10 only (at least in our tests) which is caching configuration pricing when the customer uses the browser's 'Back' button from the Shopping Cart Page (to go back to the Configuration Page). It would be very helpful to know if you are able to replicate this under other browsers as well?

At this time, we agree with your suggestion to remove the specifics of this vulnerability for security reasons and will contact you directly to verify the circumstances and post a full patch as soon as possible.

Sincerely,

Edited by earlyimp - 18-September-2013 at 1:42pm]]> Wed, 18 Sep 2013 13:42:05 +0000 https://forum.productcart.com/vulnerability-able-to-change-bto-price-clientside_topic5719_post21606.html#21606