| Title | GrandNode grandnode2 2.3.0 Cross Site Scripting |
|---|---|
| Description | A race condition vulnerability was discovered in the gift voucher redemption process of grandnode/grandnode2. The flaw allows multiple distinct users or guests to redeem the same voucher concurrently via the /checkout/ConfirmOrder/ endpoint. This can enable attackers with guest sessions or multiple accounts to redeem a single voucher multiple times across different guest sessions/accounts, potentially resulting in unauthorized financial gain. The vendor has been contacted privately without any responses. |
| User | kkc73 (UID 89422) |
| Submission | 24.08.2025 08:37 (10 months ago) |
| Moderation | 10.09.2025 12:48 (17 days later) |
| Status | Accepted |
| VulDB entry | 323485 [GrandNode up to 2.3.0 Voucher /checkout/ConfirmOrder/ giftvouchercouponcode Race Condition] |
| Points | 17 |