4 matches found
CVE-2021-32573
The express-cart package through 1.1.10 for Node.js allows Reflected XSS for an admin via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website...
CVE-2021-32573
The express-cart package through 1.1.10 for Node.js allows Reflected XSS for an admin via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website...
CVE-2021-32573
The express-cart package through 1.1.10 for Node.js allows Reflected XSS for an admin via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website...
CVE-2021-32573
CVE-2021-32573 affects express-cart up to version 1.1.10 for Node.js, where Reflected XSS can be triggered via a user input field for product options. The Red Hat advisory and Veracode report corroborate the vulnerability; Veracode notes an attacker with administrative privileges could inject and...