52 matches found
EUVD-2021-1739
Malware in sbrugna...
EUVD-2019-0354
Malware in sbrugna...
EUVD-2022-2456
Malicious code in bioql PyPI...
CVE-2021-32573
The express-cart package through 1.1.10 for Node.js allows Reflected XSS for an admin via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website...
express-cart allows any user to create an admin user
Express-Cart before 1.1.6 allows remote attackers to create an admin user via an /admin/setup Referer header...
GHSA-HR89-W7P6-PJMQ express-cart allows any user to create an admin user
Express-Cart before 1.1.6 allows remote attackers to create an admin user via an /admin/setup Referer header...
express-cart unrestricted file upload vulnerability
Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine...
GHSA-4W62-CQ5R-5MMQ express-cart unrestricted file upload vulnerability
Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine...
GHSA-H5Q8-5697-9P9H Cross-Site Request Forgery in express-cart
The express-cart package through 1.1.10 for Node.js allows CSRF...
Cross-Site Request Forgery in express-cart
The express-cart package through 1.1.10 for Node.js allows CSRF...
CVE-2020-22403
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts...
CVE-2020-22403
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts...
Cross site request forgery (csrf)
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts...
PT-2021-10761 · Npm · Express-Cart
Name of the Vulnerable Software and Affected Versions: Express cart versions 1.1.10 and earlier; Express cart version 1.1.16. Description: A Cross Site Request Forgery (CSRF) issue allows attackers to add an administrator account, add a discount code, or have other unspecified impacts. This issue...
CVE-2020-22403
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts...
CVE-2020-22403
CVE-2020-22403 affects the Express cart package for Node.js (v1.1.16). A CSRF vulnerability arises from missing/insufficient CSRF protections, enabling an attacker to perform unintended actions such as creating an administrator account or adding a discount code. The issue is confirmed across mult...
express-cart cross-site request forgery vulnerability
express-cart is a shopping cart module for Node.js. A cross-site request forgery vulnerability exists in express-cart, which stems from the web application not adequately validating that a request is coming from a trusted user. An attacker could use this vulnerability to send...
Cross-Site Scripting (XSS)
express-cart is vulnerable to cross-site scripting (XSS). An attacker with administrative privileges is able to inject and execute arbitrary JavaScript in a victim's browser...
CVE-2021-32573
The express-cart package through 1.1.10 for Node.js allows Reflected XSS for an admin via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website...
Cross site scripting
DISPUTED The express-cart package through 1.1.10 for Node.js allows Reflected XSS for an admin via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website."...