RSS   Vulnerabilities for 'Express-cart'   RSS

2021-08-12
 
CVE-2020-22403

CWE-352
 
 
The express-cart package through 1.1.10 for Node.js allows CSRF.

 
2019-02-01
 
CVE-2018-16483

CWE-269
 
 
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.

 
2018-06-07
 
CVE-2018-3758

CWE-434
 
 
Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.

 

Copyright 2024, cxsecurity.com

 

Back to Top