Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
express-cart project express-cart vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-22403
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows malicious users to add an administrator account, add discount code or other unspecified impacts.
Express-cart Project Express-cart
6.5
CVSSv2
CVE-2018-16483
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
Express-cart Project Express-cart
3.5
CVSSv2
CVE-2021-32573
The express-cart package up to and including 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website.
Express-cart Project Express-cart
9
CVSSv2
CVE-2018-3758
Unrestricted file upload (RCE) in express-cart module prior to 1.1.7 allows a privileged user to gain access in the hosting machine.
Express-cart Project Express-cart
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started