> NOTE! Thanks for submitting a report! Please replace all the [square] sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report!
I would like to report Reflected XSS in the npm module express-cart. It allows a user to insert malicious payload in the user input field and the script gets reflected in the browser
module name: express-cart
expressCart is a fully functional shopping cart built in Node.js (Express, MongoDB) with Stripe, PayPal, and Authorize.net payments.
 downloads in the last week
when the admin user creates a request for a new product, then the field 'Product option' accepts any malicious user input. This lead me to identify the reflected XSS attack.
>l technical information about the stack where the vulnerability was found