Lookup for vulnerable packages by Package URL.

Purl pkg:npm/express-cart@1.1.4
Type npm
Namespace
Name express-cart
Version 1.1.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-145a-97vu-jyeg
vulnerability_id VCID-145a-97vu-jyeg
summary
Cross-Site Request Forgery (CSRF)
The express-cart package for Node.js allows CSRF.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-22403
reference_id
reference_type
scores
0
value 0.00141
scoring_system epss
scoring_elements 0.33929
published_at 2026-06-04T12:55:00Z
1
value 0.00141
scoring_system epss
scoring_elements 0.34031
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-22403
1
reference_url https://github.com/mrvautin/expressCart
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mrvautin/expressCart
2
reference_url https://github.com/mrvautin/expressCart/commit/cd3ba1bc609c2f2946bfbc7ee2fccf3483eb71fb
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mrvautin/expressCart/commit/cd3ba1bc609c2f2946bfbc7ee2fccf3483eb71fb
3
reference_url https://github.com/mrvautin/expressCart/issues/120
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mrvautin/expressCart/issues/120
4
reference_url https://hackerone.com/reports/395944
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/395944
5
reference_url https://security.netapp.com/advisory/ntap-20210909-0004
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210909-0004
6
reference_url https://www.npmjs.com/package/express-cart
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/express-cart
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-22403
reference_id CVE-2020-22403
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-22403
fixed_packages
0
url pkg:npm/express-cart@1.1.11
purl pkg:npm/express-cart@1.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eb7w-y953-67dy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.11
1
url pkg:npm/express-cart@1.1.17
purl pkg:npm/express-cart@1.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eb7w-y953-67dy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.17
aliases CVE-2020-22403, GHSA-h5q8-5697-9p9h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-145a-97vu-jyeg
1
url VCID-2cjq-uzsm-1uer
vulnerability_id VCID-2cjq-uzsm-1uer
summary
express-cart allows any user to create an admin user
Express-Cart before 1.1.6 allows remote attackers to create an admin user via an `/admin/setup` Referer header.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-12457
reference_id
reference_type
scores
0
value 0.00524
scoring_system epss
scoring_elements 0.67341
published_at 2026-06-05T12:55:00Z
1
value 0.00524
scoring_system epss
scoring_elements 0.67299
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-12457
1
reference_url https://github.com/mrvautin/expressCart
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mrvautin/expressCart
2
reference_url https://github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b
3
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/469.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/469.json
4
reference_url https://hackerone.com/reports/343626
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/343626
5
reference_url https://snyk.io/vuln/npm:express-cart:20180712
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/npm:express-cart:20180712
6
reference_url https://www.npmjs.com/advisories/730
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/730
7
reference_url https://www.npmjs.com/package/express-cart?activeTab=versions
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/express-cart?activeTab=versions
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-12457
reference_id CVE-2018-12457
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-12457
9
reference_url https://github.com/advisories/GHSA-hr89-w7p6-pjmq
reference_id GHSA-hr89-w7p6-pjmq
reference_type
scores
url https://github.com/advisories/GHSA-hr89-w7p6-pjmq
fixed_packages
0
url pkg:npm/express-cart@1.1.6
purl pkg:npm/express-cart@1.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-145a-97vu-jyeg
1
vulnerability VCID-atgx-r2qy-8ufe
2
vulnerability VCID-eb7w-y953-67dy
3
vulnerability VCID-w999-rut7-z3cc
4
vulnerability VCID-wx6w-8yww-v3em
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.6
aliases CVE-2018-12457, GHSA-hr89-w7p6-pjmq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2cjq-uzsm-1uer
2
url VCID-atgx-r2qy-8ufe
vulnerability_id VCID-atgx-r2qy-8ufe
summary
NoSQL injection in express-cart
Versions of `express-cart` before 1.1.8 are vulnerable to NoSQL injection.

The vulnerability is caused by the lack of user input sanitization in the login handlers. In both cases, the customer login and the admin login, parameters from the JSON body are sent directly into the MongoDB query, which allows operators to be inserted.

These operators can be used to extract the value of the field blindly, in the same manner as a blind SQL injection. In this case, the `$regex` operator is used to guess each character of the token from the start.


## Recommendation

Update to version 1.1.8 or later.
references
0
reference_url https://github.com/nodejs/security-wg
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/security-wg
1
reference_url https://github.com/nodejs/security-wg/blob/master/vuln/npm/472.json
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/security-wg/blob/master/vuln/npm/472.json
2
reference_url https://hackerone.com/reports/397445
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/397445
3
reference_url https://www.npmjs.com/advisories/724
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/724
4
reference_url https://github.com/advisories/GHSA-f5cv-xrv9-r8w7
reference_id GHSA-f5cv-xrv9-r8w7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f5cv-xrv9-r8w7
fixed_packages
0
url pkg:npm/express-cart@1.1.8
purl pkg:npm/express-cart@1.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-145a-97vu-jyeg
1
vulnerability VCID-eb7w-y953-67dy
2
vulnerability VCID-wx6w-8yww-v3em
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.8
aliases GHSA-f5cv-xrv9-r8w7, GMS-2020-717
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-atgx-r2qy-8ufe
3
url VCID-cftz-enwf-6uht
vulnerability_id VCID-cftz-enwf-6uht
summary Relative Path Traversal in express-cart.
references
0
reference_url https://hackerone.com/reports/343726
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/343726
1
reference_url https://www.npmjs.com/advisories/676
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/676
2
reference_url https://github.com/advisories/GHSA-8h8v-6qqm-fwpq
reference_id GHSA-8h8v-6qqm-fwpq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8h8v-6qqm-fwpq
fixed_packages
0
url pkg:npm/express-cart@1.1.6
purl pkg:npm/express-cart@1.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-145a-97vu-jyeg
1
vulnerability VCID-atgx-r2qy-8ufe
2
vulnerability VCID-eb7w-y953-67dy
3
vulnerability VCID-w999-rut7-z3cc
4
vulnerability VCID-wx6w-8yww-v3em
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.6
1
url pkg:npm/express-cart@1.1.7
purl pkg:npm/express-cart@1.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-145a-97vu-jyeg
1
vulnerability VCID-atgx-r2qy-8ufe
2
vulnerability VCID-eb7w-y953-67dy
3
vulnerability VCID-wx6w-8yww-v3em
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.7
aliases GHSA-8h8v-6qqm-fwpq, GMS-2020-715
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cftz-enwf-6uht
4
url VCID-eb7w-y953-67dy
vulnerability_id VCID-eb7w-y953-67dy
summary Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in express-cart.
references
0
reference_url https://hackerone.com/reports/395944
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/395944
1
reference_url https://www.npmjs.com/advisories/808
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/808
2
reference_url https://github.com/advisories/GHSA-9pr3-7449-977r
reference_id GHSA-9pr3-7449-977r
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9pr3-7449-977r
fixed_packages
aliases GHSA-9pr3-7449-977r, GMS-2020-716
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eb7w-y953-67dy
5
url VCID-ewh1-bpnm-8fh4
vulnerability_id VCID-ewh1-bpnm-8fh4
summary
Privilege Escalation in express-cart
Versions of `express-cart` before 1.1.6 are vulnerable to privilege escalation. This vulnerability can be exploited so that normal users can escalate their privilege and add new administrator users.


## Recommendation

Update to version 1.1.6 or later.
references
0
reference_url https://github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mrvautin/expressCart/commit/baccaae9b0b72f00b10c5453ca00231340ad3e3b
1
reference_url https://github.com/nodejs/security-wg/blob/master/vuln/npm/469.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/security-wg/blob/master/vuln/npm/469.json
2
reference_url https://hackerone.com/reports/343626
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/343626
3
reference_url https://snyk.io/vuln/npm:express-cart:20180712
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/npm:express-cart:20180712
4
reference_url https://www.npmjs.com/advisories/730
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/730
5
reference_url https://github.com/advisories/GHSA-3fc5-9x9m-vqc4
reference_id GHSA-3fc5-9x9m-vqc4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3fc5-9x9m-vqc4
fixed_packages
0
url pkg:npm/express-cart@1.1.6
purl pkg:npm/express-cart@1.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-145a-97vu-jyeg
1
vulnerability VCID-atgx-r2qy-8ufe
2
vulnerability VCID-eb7w-y953-67dy
3
vulnerability VCID-w999-rut7-z3cc
4
vulnerability VCID-wx6w-8yww-v3em
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.6
aliases GHSA-3fc5-9x9m-vqc4, GMS-2019-122
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ewh1-bpnm-8fh4
6
url VCID-w999-rut7-z3cc
vulnerability_id VCID-w999-rut7-z3cc
summary
Path Traversal
Unrestricted file upload (RCE)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-3758
reference_id
reference_type
scores
0
value 0.00852
scoring_system epss
scoring_elements 0.7527
published_at 2026-06-04T12:55:00Z
1
value 0.00852
scoring_system epss
scoring_elements 0.753
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-3758
1
reference_url https://github.com/mrvautin/expressCart/commit/65b18cfe426fa217aa6ada1d4162891883137893
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mrvautin/expressCart/commit/65b18cfe426fa217aa6ada1d4162891883137893
2
reference_url https://hackerone.com/reports/343726
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/343726
3
reference_url https://github.com/nodejs/security-wg/blob/main/vuln/npm/441.json
reference_id 441
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements
url https://github.com/nodejs/security-wg/blob/main/vuln/npm/441.json
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-3758
reference_id CVE-2018-3758
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-3758
5
reference_url https://github.com/advisories/GHSA-4w62-cq5r-5mmq
reference_id GHSA-4w62-cq5r-5mmq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4w62-cq5r-5mmq
fixed_packages
0
url pkg:npm/express-cart@1.1.7
purl pkg:npm/express-cart@1.1.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-145a-97vu-jyeg
1
vulnerability VCID-atgx-r2qy-8ufe
2
vulnerability VCID-eb7w-y953-67dy
3
vulnerability VCID-wx6w-8yww-v3em
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.7
aliases CVE-2018-3758, GHSA-4w62-cq5r-5mmq
risk_score 4.1
exploitability 0.5
weighted_severity 8.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w999-rut7-z3cc
7
url VCID-wk1m-n6h7-ufbv
vulnerability_id VCID-wk1m-n6h7-ufbv
summary
Improper Privilege Management
A deficiency in the access control in module express-cart allows unprivileged users to add new users to the application as administrators.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16483
reference_id
reference_type
scores
0
value 0.00247
scoring_system epss
scoring_elements 0.48207
published_at 2026-06-04T12:55:00Z
1
value 0.00247
scoring_system epss
scoring_elements 0.4827
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16483
1
reference_url https://github.com/advisories/GHSA-wj36-v8j4-pc7c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-wj36-v8j4-pc7c
2
reference_url https://hackerone.com/reports/343626
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/343626
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16483
reference_id CVE-2018-16483
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-16483
fixed_packages
0
url pkg:npm/express-cart@1.1.6
purl pkg:npm/express-cart@1.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-145a-97vu-jyeg
1
vulnerability VCID-atgx-r2qy-8ufe
2
vulnerability VCID-eb7w-y953-67dy
3
vulnerability VCID-w999-rut7-z3cc
4
vulnerability VCID-wx6w-8yww-v3em
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.6
aliases CVE-2018-16483, GHSA-wj36-v8j4-pc7c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wk1m-n6h7-ufbv
8
url VCID-wx6w-8yww-v3em
vulnerability_id VCID-wx6w-8yww-v3em
summary
Cross-site Scripting
(This issue is currently in DISPUTED state). The express-cart package for Node.js allows Reflected XSS (for an admin) via a user input field for product options. The vendor states that this "would rely on an admin hacking his/her own website."
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32573
reference_id
reference_type
scores
0
value 0.00212
scoring_system epss
scoring_elements 0.43704
published_at 2026-06-04T12:55:00Z
1
value 0.00212
scoring_system epss
scoring_elements 0.43774
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32573
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32573
reference_id CVE-2021-32573
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-32573
fixed_packages
0
url pkg:npm/express-cart@1.1.11
purl pkg:npm/express-cart@1.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-eb7w-y953-67dy
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.11
aliases CVE-2021-32573
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wx6w-8yww-v3em
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/express-cart@1.1.4