Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A security vulnerability has been detected in mickasmt next-saas-stripe-starter 1.0.0. Affected is the function generateUserStripe of the file actions/generate-user-stripe.ts of the component Checkout Handler. The manipulation of the argument priceId leads to business logic errors. The attack may be initiated remotely.
AnalysisAI
A business logic vulnerability exists in mickasmt next-saas-stripe-starter version 1.0.0 within the generateUserStripe function of the Checkout Handler component, where manipulation of the priceId parameter can lead to unauthorized modification of transaction data. An authenticated remote attacker can exploit this vulnerability to alter billing information or trigger unintended payment processing logic, potentially causing financial discrepancies or service abuse. With a CVSS score of 4.3 and low attack complexity, this vulnerability represents a moderate risk requiring prompt attention despite the low impact rating.
Technical ContextAI
This vulnerability exists in the next-saas-stripe-starter project (CPE: cpe:2.3:a:mickasmt:next-saas-stripe-starter), a TypeScript/Next.js SaaS boilerplate that integrates Stripe payment processing. The vulnerable function generateUserStripe in actions/generate-user-stripe.ts handles Checkout Handler operations and processes the priceId parameter without sufficient validation or authorization checks. The root cause is classified under CWE-840 (Business Logic Errors), indicating that while cryptographic or injection protections may be in place, the application fails to properly validate that user-supplied priceId values correspond to legitimate, authorized pricing tiers before processing them in the payment workflow. This is a common issue in payment integration code where insufficient business rule enforcement allows attackers to request pricing configurations they should not have access to.
RemediationAI
Immediately upgrade mickasmt next-saas-stripe-starter beyond version 1.0.0 to obtain security patches; verify the fixed version from the official repository at https://vuldb.com/?id.352374 or the project maintainer. Implement server-side validation of all priceId parameters against an allowlist of legitimate Stripe price IDs authorized for the authenticated user's subscription tier, never trusting client-supplied pricing identifiers. Enforce stricter authorization checks in the generateUserStripe function to ensure the authenticated user is permitted to purchase the requested price before processing with Stripe. Add comprehensive audit logging for all price modification attempts and payment operations. Until patching is possible, restrict Checkout Handler access to trusted IP ranges and implement rate limiting on generateUserStripe API endpoints to reduce automated exploitation risk.
More in Next Saas Stripe Starter
View allImproper authorization in mickasmt next-saas-stripe-starter 1.0.0 allows authenticated users to manipulate userId and ro
An authorization bypass vulnerability exists in mickasmt next-saas-stripe-starter version 1.0.0 within the openCustomerP
Same weakness CWE-840 – Business Logic Errors
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14304
GHSA-chcq-j338-6wqm