Express-Cart Project: >> Express-Cart Security Vulnerabilities
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-08-12
The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-05-11
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-02-01
Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.
CVSS Score
8.8
EPSS Score
0.069
Published
2018-06-07