express-cart@1.1.16 vulnerabilities
A fully functioning Node.js shopping cart with Stripe, PayPal and Authorize.net payments.
-
latest version
1.1.17
-
first published
9 years ago
-
latest version published
5 years ago
-
licenses detected
- >=1.1.4
Direct Vulnerabilities
Known vulnerabilities in the express-cart package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
express-cart is a fully functional shopping cart built in Node.js (Express, MongoDB) with Stripe, PayPal and Authorize.net payments. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via How to fix Cross-site Request Forgery (CSRF)? A fix was pushed into the |
*
|
express-cart is a fully functional shopping cart built in Node.js (Express, MongoDB) with Stripe, PayPal and Authorize.net payments. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It allows a user to insert malicious payload in the user input field and the script gets reflected in the browser. How to fix Cross-site Scripting (XSS)? There is no fixed version for |
*
|