CVE-2002-2303 Information

Description

3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie that contains the data.

Reference

http://cert.uni-stuttgart.de/archive/bugtraq/2003/03/msg00081.html http://securityreason.com/securityalert/3263 http://www.securityfocus.com/archive/1/301863 http://www.securityfocus.com/bid/6296 https://exchange.xforce.ibmcloud.com/vulnerabilities/10746