GHSA-9pr3-7449-977r

Опубликовано: 02 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Cross-Site Scripting in express-cart

All versions of harp are vulnerable to Cross-Site Scripting. In the admin page it is possible to inject arbitrary JavaScript as a new product option, allowing attackers to execute arbitrary code. This is limited to the admin page and does not affect other pages.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.

Ссылки

https://hackerone.com/reports/395944
https://www.npmjs.com/advisories/808

Пакеты

Наименование

express-cart

npm

Затронутые версииВерсия исправления

Отсутствует

Дефекты

CWE-79

Дефекты

CWE-79