Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
express-cart project express-cart vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2021-32573
The express-cart package up to and including 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website.
Express-cart Project Express-cart
8.8
CVSSv3
CVE-2020-22403
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows malicious users to add an administrator account, add discount code or other unspecified impacts.
Express-cart Project Express-cart
8.8
CVSSv3
CVE-2018-16483
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
Express-cart Project Express-cart
8.8
CVSSv3
CVE-2018-3758
Unrestricted file upload (RCE) in express-cart module prior to 1.1.7 allows a privileged user to gain access in the hosting machine.
Express-cart Project Express-cart
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started