The express-cart package up to and including 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
express-cart project express-cart |