3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie that contains the data.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/10746http://cert.uni-stuttgart.de/archive/bugtraq/2003/03/msg00081.htmlhttp://securityreason.com/securityalert/3263http://www.securityfocus.com/archive/1/301863http://www.securityfocus.com/bid/6296
