Reddit: IDOR to pay less for coin purchases on oauth.reddit.com via /api/v2/gold/paypal/create_coin_purchase_order in `order_id` parameter

Summary: This vulnerability consist of modifying the PayPal transaction ID to buy a big coin pack but paying the small price for it. Impact: The only impact here could be that you don't earn the money you deserve, and users can offer a lot of presents to other users, breaking the magic of the...

Node.js third-party modules: [public] Stored XSS in the filename when directories listing

I would like to report a Stored XSS issue in module public It allows executing malicious javascript code in the user's browser. Module module name: public version: 0.1.3 npm page: https://www.npmjs.com/package/public Module Description Run static file hosting server with specified public dir &...