Steam chat - trade offer presentation vulnerability
Medium
V
Valve
Submitted None
Team Summary
Official summary from Valve
It was possible to construct a Steam URL that began with "/tradeoffer/new" and included valid partner and token information, but which was in fact an external link. The crafted URL would be treated by the Steam Chat UI as a trade offer and given special visual treatment.
Actions:
Reported by
hackerontwowheels
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Business Logic Errors