Express-cart
This hub aggregates every CVE we track for Express-cart, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 5
- Critical: 0
- High: 4
- In CISA KEV: 0
Severity distribution
- HIGH: 4
- MEDIUM: 1
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 5 most recently published vulnerabilities affecting Express-cart.
- CVE-2020-22403: Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts. Score: 8.8
- CVE-2021-32573: The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking... Score: 4.8
- CVE-2018-16483: A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators. Score: 8.8
- CVE-2018-12457: expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header. Score: 8.8
- CVE-2018-3758: Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine. Score: 8.8
Product normalization is registry-driven with AI assist and human review.