Express-Cart Project: >> Express-Cart >> 1.1.6 Security Vulnerabilities
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-08-12
The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-05-11
Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.
CVSS Score
8.8
EPSS Score
0.069
Published
2018-06-07