A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is regarded as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-09-10
Updated: 2026-04-29
Base Score: 2.1
Vector: CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N
Severity: Low
Base Score: 2.6
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
Severity: Low
Base Score: 2.1
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Severity: Low
EPSS: 0.00023