AI Score
Confidence
High
EPSS
Percentile
72.4%
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.
github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b
hackerone.com/reports/343626
www.npmjs.com/package/express-cart?activeTab=versions