NodeJS/express-cart/1.1.17
A fully functioning Node.js shopping cart with Stripe, PayPal and Authorize.net payments.
https://www.npmjs.com/package/express-cart
MIT
1 Security Vulnerabilities
Cross-Site Scripting in express-cart
Published date: 2020-09-02T18:21:26Z
Links:
All versions of harp
are vulnerable to Cross-Site Scripting. In the admin page it is possible to inject arbitrary JavaScript as a new product option, allowing attackers to execute arbitrary code. This is limited to the admin page and does not affect other pages.
Recommendation
No fix is currently available. Consider using an alternative module until a fix is made available.
Affected versions:
["0.0.1-security", "1.0.1", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.1.6", "1.1.7", "1.1.8", "1.1.9", "1.1.10", "1.1.11", "1.1.12", "1.1.13", "1.1.14", "1.1.15", "1.1.16", "1.1.17"]
Secure versions:
[]
19 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
1.1.17 | MIT | 1 | 2020-03-20 - 05:16 | about 4 years |
1.1.16 | MIT | 2 | 2020-01-22 - 09:28 | over 4 years |
1.1.15 | MIT | 2 | 2019-12-18 - 07:12 | over 4 years |
1.1.14 | MIT | 2 | 2019-11-11 - 09:18 | over 4 years |
1.1.13 | MIT | 2 | 2019-10-26 - 06:51 | over 4 years |
1.1.12 | MIT | 2 | 2019-06-13 - 11:15 | almost 5 years |
1.1.11 | MIT | 2 | 2019-02-09 - 10:56 | about 5 years |
1.1.10 | MIT | 2 | 2018-10-05 - 11:59 | over 5 years |
1.1.9 | MIT | 2 | 2018-08-31 - 05:13 | over 5 years |
1.1.8 | MIT | 2 | 2018-08-31 - 03:31 | over 5 years |
1.1.7 | MIT | 4 | 2018-06-01 - 11:32 | almost 6 years |
1.1.6 | MIT | 5 | 2018-05-30 - 09:08 | almost 6 years |
1.1.5 | MIT | 11 | 2018-02-05 - 18:34 | about 6 years |
1.1.4 | MIT | 11 | 2018-02-05 - 18:26 | about 6 years |
1.1.3 | ISC | 11 | 2018-02-05 - 15:53 | about 6 years |
1.1.2 | ISC | 11 | 2018-02-03 - 19:20 | about 6 years |
1.1.1 | MIT | 11 | 2018-01-10 - 20:28 | over 6 years |
1.0.1 | MIT | 11 | 2018-01-09 - 21:09 | over 6 years |
0.0.1-security | ISC | 11 | 2016-07-11 - 17:31 | almost 8 years |