Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwcjMtNzQ0OS05Nzdy

Low
Permalink JSON

Cross-Site Scripting in express-cart

Affected Packages Affected Versions Fixed Versions
npm:express-cart
PURL: pkg:npm/express-cart
>= 0 No known fixed version
1 Dependent packages
2 Dependent repositories
168 Downloads last month

Affected Version Ranges

All affected versions

0.0.1-security, 1.0.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.1.10, 1.1.11, 1.1.12, 1.1.13, 1.1.14, 1.1.15, 1.1.16, 1.1.17

All versions of harp are vulnerable to Cross-Site Scripting. In the admin page it is possible to inject arbitrary JavaScript as a new product option, allowing attackers to execute arbitrary code. This is limited to the admin page and does not affect other pages.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.

References:

Identifiers

GHSA-9pr3-7449-977r

Risk

Severity

Low

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

about 5 years ago

Updated

almost 3 years ago

API

JSON