Enviar #640784: GrandNode grandnode2 2.3.0 Cross Site Scriptinginformación

TítuloGrandNode grandnode2 2.3.0 Cross Site Scripting
DescripciónA race condition vulnerability was discovered in the gift voucher redemption process of grandnode/grandnode2. The flaw allows multiple distinct users or guests to redeem the same voucher concurrently via /checkout/ConfirmOrder/ endpoint. This can enable attackers with guest sessions or multiple accounts to redeem a single voucher multiple times across different guest sessions/accounts, potentially resulting in unauthorized financial gain. The vendor has been contacted privately without any responses.
Usuario
 kkc73 (UID 89422)
Sumisión2025-08-24 08:37 (hace 10 meses)
Moderación2025-09-10 12:48 (17 days later)
EstadoAceptado
Entrada de VulDB323485 [GrandNode hasta 2.3.0 Voucher /checkout/ConfirmOrder/ giftvouchercouponcode condición de carrera]
Puntos17

AnteriorVisión De ConjuntoPróximo

Interested in the pricing of exploits?

See the underground prices here!