Vulnerability Description
3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie that contains the data.
CVSS Score
7.8
HIGH
AV:N/AC:L/Au:N/C:N/I:C/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 3D3.Com | Shopfactory | 5.8 |
Related Weaknesses (CWE)
References
- http://cert.uni-stuttgart.de/archive/bugtraq/2003/03/msg00081.html
- http://securityreason.com/securityalert/3263
- http://www.securityfocus.com/archive/1/301863
- http://www.securityfocus.com/bid/6296
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10746
- http://cert.uni-stuttgart.de/archive/bugtraq/2003/03/msg00081.html
- http://securityreason.com/securityalert/3263
- http://www.securityfocus.com/archive/1/301863
- http://www.securityfocus.com/bid/6296
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10746
FAQ
What is CVE-2002-2303?
CVE-2002-2303 is a vulnerability with a CVSS score of 7.8 (HIGH). 3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie ...
How severe is CVE-2002-2303?
CVE-2002-2303 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2303?
Check the references section above for vendor advisories and patch information. Affected products include: 3D3.Com Shopfactory.