Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2020-22403

Disclosure Date: August 12, 2021 (last updated February 23, 2025)
Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-32573

Disclosure Date: May 11, 2021 (last updated February 22, 2025)
The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-16251

Disclosure Date: October 31, 2019 (last updated November 27, 2024)
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-16483

Disclosure Date: February 01, 2019 (last updated November 27, 2024)
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
0
0
Attacker Value
Unknown

CVE-2018-3758

Disclosure Date: June 07, 2018 (last updated November 26, 2024)
Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0